Bronze Atlas

Threat Actor Profile Updated 13 days ago
Download STIX
Preview STIX
Bronze Atlas, also known as APT41, Winnti Group, or HOODOO, is a significant threat actor identified in the cybersecurity industry. The group has been involved in various malicious activities and has been tracked by Secureworks' Counter Threat Unit since at least 2007. According to Marc Burnard, a senior security researcher for Secureworks, Bronze Atlas is "one of the most prolific groups we have been tracking for a long time." This Chinese entity is characterized by dual espionage and cybercrime activities, demonstrating its broad range of capabilities and intent. Recently, Bronze Atlas targeted a Taiwanese media organization, as reported by the Google Threat Analysis Group (TAG). The attack was executed through phishing emails that contained links to a password-protected file hosted on Drive. This attack methodology aligns with the group's well-documented approach of using sophisticated techniques to compromise their targets. The group's actions continue to pose a substantial risk to organizations worldwide, especially those in the media sector. In a recent development, Symantec researchers noted a shift in the group's tactics. In late last year and early this year, Bronze Atlas showed a greater reliance on open-source tools rather than its usual custom malware. This change could suggest an adaptation to evade detection or a new strategic direction. Furthermore, the group is linked to the discovery of Shadowpad, a modular backdoor found in 2017 following a supply-chain attack on server management software. This connection further underscores the group's advanced capabilities and persistent threat to global cybersecurity.
What's your take? (Question 1 of 0)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
APT41
2
APT41, also known as Winnti, Wicked Panda, Barium, Suckfly, Earth Freybug, and Daggerfly, is a sophisticated threat actor attributed to China that has been active since at least 2012. The group targets organizations across various sectors including public administration, professional services, scien
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Bronze Atlas Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
DARKReading
a year ago
China's BlackFly Targets Materials Sector in 'Relentless' Quest for IP
DARKReading
a year ago
APT41 Taps Google Red Teaming Tool in Targeted Info-Stealing Attacks
InfoSecurity-magazine
10 months ago
Chinese APT Favorite Backdoor Found in Pakistani Government App