General description
Bronze Union is an APT group that has been active since at least 2010. Researchers from different organizations all believe that the group originated in China. For initial penetration it makes wide use of watering hole techniques, that is, infecting websites that its victims visit, as well as phishing and exploitation of vulnerabilities in network services. The group specializes in cyber-espionage, primarily in networks of government agencies, defense enterprises and political organizations. In 2020, some researchers (including specialists from the PT Expert Security Center) suggested that the group had become financially motivated.
Objectives
- Espionage
- Cash extortion
Tools
- AspxSpy/ASPXTool webshell
- Antak webshell
- China Chopper webshell
- Clambling
- Dnstunclient
- Gh0st RAT
- HTran
- HttpBrowser
- Hunter
- HyperBro
- Mimikatz/Wrapikatz
- NBTscan
- OwaAuth
- PlugX/Korplug
- Polpo
- PsExec
- SysUpdate
- TwoFace
- Windows Credentials Editor
- ZxShell
- gsecdump
- pwdump
Target sectors
- Aerospace industry
- Analytical centers
- Defense industry
- State sector
- Information technologies
- Media
- Education
- Industrial sector
Target countries
- Australia
- United Kingdom
- Vietnam
- Hong Kong
- Israel
- India
- Iran
- Spain
- Canada
- China
- Mongolia
- Russia
- USA
- Taiwan
- Thailand
- Tibet
- Turkey
- Philippines
- South Korea
- Japan
Alternative group names
- LuckyMouse
- Emissary Panda
- APT27
- Iron Tiger
- TG-3390
- TEMP.Hippo
- Group 35
- ZipToken
Reports by Positive Technologies and other researchers
- https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/incident-response-polar-ransomware-apt27/
- https://arstechnica.com/information-technology/2015/08/newly-discovered-chinese-hacking-group-hacked-100-websites-to-use-as-watering-holes/
- https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/blob/master/2015/2015.09.17.Operation_Iron_Tiger/wp-operation-iron-tiger.pdf
- https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
- https://www.secureworks.com/research/bronze-union
- https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/
- https://research.nccgroup.com/2018/05/18/emissary-panda-a-potential-new-malicious-tool/
- https://securelist.com/luckymouse-hits-national-data-center/86083/
- https://securelist.com/luckymouse-ndisproxy-driver/87914/
- https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox
- https://securelist.com/apt-trends-report-q1-2019/90643/
- https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/
- https://www.welivesecurity.com/2020/12/10/luckymouse-ta428-compromise-able-desktop/
- https://decoded.avast.io/luigicamastra/apt-group-targeting-governmental-agencies-in-east-asia/
MITRE ATT&CK techniques used by the group