Threat Group Cards: A Threat Actor Encyclopedia

APT group: Bronze Highland

Names: Bronze Highland (SecureWorks), Evasive Panda (Malwarebytes)
Country: China
Motivation: Information theft and espionage
First seen: 2014
Description: (SecureWorks) BRONZE HIGHLAND has been observed using spearphishing as an initial infection vector to deploy the MgBot remote access trojan against targets in Hong Kong. Third party reporting suggests the threat group also targets India, Malaysia and Taiwan and leverages Cobalt Strike and KsRemote Android Rat. CTU researchers assess with moderate confidence that BRONZE HIGHLAND operates on behalf of China and has a remit covering espionage against domestic human rights and pro-democracy advocates and nations neighbouring China.
Observed: Countries: Hong Kong, India, Malaysia, Taiwan.
Tools used: Cobalt Strike, MgBot, KsRemote.
Information:
<https://www.secureworks.com/research/threat-profiles>
<https://blog.malwarebytes.com/threat-analysis/2020/07/chinese-apt-group-targets-india-and-hong-kong-using-new-variant-of-mgbot-malware/>
<https://vb2020.vblocalhost.com/uploads/VB2020-43.pdf>

Last change to this card: 09 August 2021


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
