General description
Bronze Union is an APT group that has been active since at least 2010. Different researchers all agree that the group originated in China. For initial penetration it widely uses watering hole techniques (infecting websites that its victims visit), as well as phishing and exploitation of network service vulnerabilities. The group specializes in cyber-espionage, primarily in the networks of government agencies, defense enterprises and political organizations. In 2020, some researchers (including specialists from the PT Expert Security Center) suggested that the group had become financially motivated.
Objectives
- Espionage
- Cash extortion
Tools
- AspxSpy/ASPXTool webshell
- Antak webshell
- China Chopper webshell
- Clambling
- Dnstunclient
- Gh0st RAT
- HTran
- HttpBrowser
- Hunter
- HyperBro
- Mimikatz/Wrapikatz
- NBTscan
- OwaAuth
- PlugX/Korplug
- Polpo
- PsExec
- SysUpdate
- TwoFace
- Windows Credentials Editor
- ZxShell
- gsecdump
- pwdump
Targeted countries
Alternative names
- LuckyMouse
- Emissary Panda
- APT27
- Iron Tiger
- TG-3390
- TEMP.Hippo
- Group 35
- ZipToken
Targeted sectors
- Analytical centers
- Aerospace industry
- Defense industry
- Education
- Industrial sector
- Information technologies
- Media
- State sector