ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > Bronze Highland

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Bronze Highland

NamesBronze Highland (SecureWorks)
Evasive Panda (Malwarebytes)
Daggerfly (Symantec)
CountryChina China
MotivationInformation theft and espionage
First seen2012
Description(SecureWorks) BRONZE HIGHLAND has been observed using spearphishing as an initial infection vector to deploy the MgBot remote access trojan against targets in Hong Kong. Third party reporting suggests the threat group also targets India, Malaysia and Taiwan and leverages Cobalt Strike and KsRemote Android Rat. CTU researchers assess with moderate confidence that BRONZE HIGHLAND operates on behalf of China and has a remit covering espionage against domestic human rights and pro-democracy advocates and nations neighbouring China.
ObservedSectors: Telecommunications and human rights and pro-democracy advocates.
Countries: China, Hong Kong, India, Macao, Malaysia, Myanmar, Nigeria, Philippines, Taiwan, Tibet, Vietnam and Africa.
Tools usedCobalt Strike, MgBot, KsRemote, Living off the Land.
Operations performed2020Evasive Panda APT group delivers malware via updates for popular Chinese software
Nov 2022Daggerfly: APT Actor Targets Telecoms Company in Africa
Sep 2023Evasive Panda leverages Monlam Festival to target Tibetans

Last change to this card: 10 March 2024

Download this actor card in PDF or JSON format

Previous: Bronze Butler, Tick, RedBaldNight, Stalker Panda
Next: Bronze Starlight

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]