Bronze Highland

Threat Actor Profile Updated 4 days ago
Bronze Highland, also known as Evasive Panda and Daggerfly, is a Chinese-speaking advanced persistent threat (APT) group that has been active since at least 2012. The group conducts cyberespionage against individuals in mainland China, Hong Kong, Macao, and Nigeria, as well as against specific organizations within China and Hong Kong. According to ESET Research, the group uses custom malware such as MgBot to spy on its victims and collect data from their devices. In March 2024, Bronze Highland launched a global campaign targeting Tibetans, as reported by Hackread and by the security vendor ESET. The group has also been observed using new iterations of the Macma malware, which include improved screen-capture functionality and new logic for collecting a file system listing. This campaign illustrates the group's continued evolution and its ability to target diverse groups across multiple countries and territories. In April 2023, the group was also reported to have targeted African telecommunications providers, showing a reach well beyond Asia. Historically, it has targeted not only individuals but also government entities in mainland China, India, Hong Kong, Macao, Malaysia, Myanmar, the Philippines, Nigeria, Taiwan, and Vietnam. This wide range of targets indicates the scale and potential impact of Bronze Highland's activities.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Evasive Panda | 6 | Evasive Panda, a threat actor group also known as Bronze Highland and Daggerfly, has been identified as a significant cybersecurity threat. This group, believed to be aligned with China, has been deploying custom implants such as MgBot, Nightdoor, and a macOS downloader component, using these tools
Daggerfly | 5 | Daggerfly, also known as Evasive Panda and Bronze Highland, is a Chinese-speaking Advanced Persistent Threat (APT) group that has been active since 2012. The group is known for its cyberespionage activities targeting individuals in mainland China, Hong Kong, Macao, and Nigeria. In addition to these
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
APT
Malware
Evasive
Espionage
Backdoor
Antivirus
ESET
Hackread
Screen Capture
macOS
Chinese
Associated Malware
ID | Type | Votes | Profile Description
MgBot | Unspecified | 3 | MgBot is a malicious software (malware) used exclusively by the cyber threat group known as Evasive Panda. This malware, along with another custom-made Windows backdoor called Nightdoor, forms part of the group's toolkit for cyber attacks. These tools are typically delivered via malicious downloader
MacMa | Unspecified | 2 | Macma is a potent malware that has been linked to the cyber-espionage group known as Daggerfly, also tracked as Evasive Panda and Bronze Highland. The malware, sometimes referred to as OSX.MacMa, was discovered loaded onto iPhone and macOS devices, enabling unauthorized access and data theft. Threat
Associated Threat Actors
No associations to display.
Associated Vulnerabilities
No associations to display.
Source Document References
Information about the Bronze Highland threat actor was read from the document corpus below. This display is limited to 20 results.

Securityaffairs, 3 days ago: Chinese Daggerfly uses a new version of Macma macOS backdoor
BankInfoSecurity, 4 days ago: Chinese Cyberespionage Group Expands Malware Arsenal
CERT-EU, 5 months ago: Well-equipped, resourced Chinese-backed hacking group targeting Tibetan networks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU, 5 months ago: China Panda APT Hacking Websites To Infect Windows And MacOS Visitors With Malware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU, 5 months ago: Chinese Evasive Panda Targets Tibetans with Nightdoor Backdoor
CERT-EU, 5 months ago: Chinese Panda APT Hacking Websites To Infect Windows And MacOS Users
InfoSecurity-magazine, 5 months ago: Evasive Panda Targets Tibet With Trojanized Software
CERT-EU, 5 months ago: Evasive Panda leverages Monlam Festival to target Tibetans
DARKReading, a year ago: China's 'Evasive Panda' Hijacks Software Updates to Deliver Custom Backdoor
CERT-EU, a year ago: Alibaba Cloud's PostgreSQL databases impacted by critical bugs
CERT-EU, a year ago: Chinese Cyberspies Delivered Malware via Legitimate Software Updates
InfoSecurity-magazine, a year ago: Evasive Panda's Backdoor MgBot Delivered Via Chinese Software Updates
CERT-EU, a year ago: Cyber security week in review: April 28, 2023
CERT-EU, a year ago: Novel macOS malware leveraged in BlueNoroff attacks
ESET, a year ago: Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity