Bronze Atlas

Threat Actor updated 7 days ago (2024-11-29T14:07:48.422Z)
Bronze Atlas, also known as APT41, Winnti Group, or HOODOO, is a significant threat actor identified in the cybersecurity industry. The group has been involved in various malicious activities and has been tracked by Secureworks' Counter Threat Unit since at least 2007. According to Marc Burnard, a senior security researcher for Secureworks, Bronze Atlas is "one of the most prolific groups we have been tracking for a long time." This Chinese entity is characterized by dual espionage and cybercrime activities, demonstrating its broad range of capabilities and intent.

Recently, Bronze Atlas targeted a Taiwanese media organization, as reported by the Google Threat Analysis Group (TAG). The attack was executed through phishing emails that contained links to a password-protected file hosted on Drive. This attack methodology aligns with the group's well-documented approach of using sophisticated techniques to compromise its targets. The group's actions continue to pose a substantial risk to organizations worldwide, especially those in the media sector.

In a recent development, Symantec researchers noted a shift in the group's tactics. Late last year and early this year, Bronze Atlas showed a greater reliance on open-source tools rather than its usual custom malware. This change could suggest an adaptation to evade detection or a new strategic direction.

Furthermore, the group is linked to the discovery of Shadowpad, a modular backdoor found in 2017 following a supply-chain attack on server management software. This connection further underscores the group's advanced capabilities and persistent threat to global cybersecurity.
Description last updated: 2023-10-10T20:40:09.548Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
APT41 is a possible alias for Bronze Atlas. APT41, also known as Winnti, is a threat actor suspected to be originating from China, with its activities dating back to as early as 2012. It has targeted organizations in at least 14 countries and has been associated with the use of at least 46 different code families and tools. The group's activi | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Bronze Atlas Threat Actor was read from the documents corpus below.