menuPass · G0045 · state
🇨🇳 CN · MSS · Tianjin Bureau
aka menuPass, Cicada, POTASSIUM, Stone Panda, APT10, Red Apollo, CVNX, HOGFISH, BRONZE RIVERSIDE, Menupass Team, happyyongzi, Cloud Hopper, ATK41, G0045, Granite Taurus, TA429, Purple Typhoon
Last updated: 2026-07-03
About this actor
[menuPass](https://attack.mitre.org/groups/G0045) is a threat group that has been active since at least 2006. Individual members of [menuPass](https://attack.mitre.org/groups/G0045) are known to have acted in association with the Chinese Ministry of State Security's (MSS) Tianjin State Security Bureau and worked for the Huaying Haitai Science and Technology Development Company.(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018) [menuPass](https://attack.mitre.org/groups/G0045) has targeted healthcare, defense, aerospace, finance, maritime, biotechnology, energy, and government sectors globally, with an emphasis on Japanese organizations. In 2016 and 2017, the group is known to have targeted managed IT service providers (MSPs), manufacturing and mining companies, and a university.(Citation: Palo Alto menuPass Feb 2017)(Citation: Crowdstrike CrowdCast Oct 2013)(Citation: FireEye Poison Ivy)(Citation: PWC Cloud Hopper April 2017)(Citation: FireEye APT10 April 2017)(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)
Source: MITRE ATT&CK
Activity timeline
- 2021 — 1 CVE published
- 2017 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| CVE-2017-6328 | 5.5 | 8.8 | 0.0214 | 2017-08-11 | see CVE |
| CVE-2020-6789 | 5.5 | 7.8 | 0.0035 | 2021-03-25 | see CVE |

T1003, T1003.002, T1003.003, T1003.004, T1005, T1016, T1018, T1021, T1021.001, T1021.004, T1027, T1027.013, T1036, T1036.003, T1036.005, T1039, T1046, T1047, T1049, T1053, T1053.005, T1055, T1055.012, T1056, T1056.001, T1059, T1059.001, T1059.003, T1070, T1070.003, T1070.004, T1074, T1074.001, T1074.002, T1078, T1083, T1087, T1087.002, T1090, T1090.002, T1105, T1106, T1119, T1140, T1190, T1199, T1204, T1204.002, T1210, T1218, T1218.004, T1553, T1553.002, T1560, T1560.001, T1566, T1566.001, T1568, T1568.001, T1574, T1574.001, T1583, T1583.001, T1588, T1588.002
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 45 / 65 | 69% |
| CM-6 | 41 / 65 | 63% |
| CM-2 | 37 / 65 | 57% |
| SI-3 | 36 / 65 | 55% |
| AC-3 | 29 / 65 | 45% |
| AC-6 | 29 / 65 | 45% |
| CM-7 | 29 / 65 | 45% |
| AC-2 | 27 / 65 | 42% |
| CA-7 | 24 / 65 | 37% |
| SI-7 | 21 / 65 | 32% |
| AC-5 | 20 / 65 | 31% |
| CM-5 | 19 / 65 | 29% |
| SC-7 | 19 / 65 | 29% |
| IA-2 | 18 / 65 | 28% |
| RA-5 | 18 / 65 | 28% |
Co-occurring actors
- APT41 2 shared CVEs
- Deep Panda 2 shared CVEs
- Leviathan 2 shared CVEs
- APT1 2 shared CVEs
- Winnti Group 2 shared CVEs
- APT3 2 shared CVEs
- APT19 2 shared CVEs
Similar actors
Similar TTPs
- Threat Group-3390 0.42
- GALLIUM 0.39
- APT39 0.37
- MirrorFace 0.37
- Silence 0.37
Overlapping CVEs
- APT1 1.00
- Deep Panda 1.00
- APT3 1.00
- Winnti Group 1.00
- APT41 1.00
Active in same years
- APT1 2.00
- Deep Panda 2.00
- APT3 2.00
- Lazarus Group 2.00
- Winnti Group 2.00
Same nation-state
- Night Dragon 1.00
- FunnyDream 1.00
- Operation Wocao 1.00
- C0017 1.00
- Cutting Edge 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00