ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > Bronze Highland

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Bronze Highland

NamesBronze Highland (SecureWorks)
Evasive Panda (Malwarebytes)
Daggerfly (Symantec)
Storm Cloud (Volexity)
StormBamboo (Volexity)
CountryChina China
MotivationInformation theft and espionage
First seen2012
Description(SecureWorks) BRONZE HIGHLAND has been observed using spearphishing as an initial infection vector to deploy the MgBot remote access trojan against targets in Hong Kong. Third party reporting suggests the threat group also targets India, Malaysia and Taiwan and leverages Cobalt Strike and KsRemote Android Rat. CTU researchers assess with moderate confidence that BRONZE HIGHLAND operates on behalf of China and has a remit covering espionage against domestic human rights and pro-democracy advocates and nations neighbouring China.
ObservedSectors: Telecommunications and human rights and pro-democracy advocates.
Countries: China, Hong Kong, India, Macao, Malaysia, Myanmar, Nigeria, Philippines, Taiwan, Tibet, Vietnam and Africa.
Tools usedCobalt Strike, GIMMICK, Nightdoor, Macma, MgBot, KsRemote, RELOADEXT, Living off the Land.
Operations performed2020Evasive Panda APT group delivers malware via updates for popular Chinese software
<https://www.welivesecurity.com/2023/04/26/evasive-panda-apt-group-malware-updates-popular-chinese-software/>
Late 2021Storm Cloud on the Horizon: GIMMICK Malware Strikes at macOS
<https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/>
Nov 2022Daggerfly: APT Actor Targets Telecoms Company in Africa
<https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/apt-attacks-telecoms-africa-mgbot>
Mid 2023StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms
<https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/>
Sep 2023Evasive Panda leverages Monlam Festival to target Tibetans
<https://www.welivesecurity.com/en/eset-research/evasive-panda-leverages-monlam-festival-target-tibetans/>
Jul 2024Daggerfly: Espionage Group Makes Major Update to Toolset
<https://symantec-enterprise-blogs.security.com/threat-intelligence/daggerfly-espionage-updated-toolset>
Information<https://www.secureworks.com/research/threat-profiles>
<https://blog.malwarebytes.com/threat-analysis/2020/07/chinese-apt-group-targets-india-and-hong-kong-using-new-variant-of-mgbot-malware/>
<https://vb2020.vblocalhost.com/uploads/VB2020-43.pdf>

Last change to this card: 27 August 2024

Download this actor card in PDF or JSON format

Previous: Bronze Butler, Tick, RedBaldNight, Stalker Panda
Next: Bronze Starlight

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]