The Chinese threat actor APT10 used a vulnerability in a web interface to install a version of the Quasar remote access Trojan. The attack was initially overlooked because of the focus on a credential stuffing attack, where hackers use mass amounts of previously stolen information to try to break into a system, seemingly conducted by APT10 to secure access to trading accounts and make transactions on the Hong Kong stock market. The credential stuffing was used by APT10 as a smokescreen for its larger operation.