Bronze Highland

Threat Actor updated 19 days ago (2024-11-29T14:36:21.537Z)
Bronze Highland, also known as Evasive Panda and Daggerfly, is a China-linked Advanced Persistent Threat (APT) group that has been active since at least 2012. The group primarily conducts cyber espionage against individuals in mainland China, Hong Kong, Macao, and Nigeria, as well as certain organizations within China and Hong Kong. It also targets countries and organizations opposing China's interests through independence movements, such as those in the Tibetan diaspora, religious and academic institutions in Taiwan and Hong Kong, and supporters of democracy in China.

The APT group has recently upgraded its malware arsenal significantly, introducing new versions of its malware, most likely in response to exposure of older variants. These updates include a new malware family based on the MgBot framework and an updated version of the macOS backdoor Macma. The new iterations of Macma include improved screen capture functionality and new logic to collect a file's system listing. This new toolset was deployed in a number of recent attacks against organizations in Taiwan and a U.S. NGO based in China, indicating the group's engagement in internal espionage.

Recently, a sophisticated cyber-espionage campaign by Bronze Highland has been observed targeting Tibetans across various countries and territories. The campaign represents a global expansion of the group's activities, demonstrating its growing threat to cybersecurity worldwide. Given the group's persistent activity and evolving tactics, it remains a significant concern for cybersecurity professionals and organizations alike.
Description last updated: 2024-10-29T20:15:09.077Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Evasive Panda is a possible alias for Bronze Highland. Evasive Panda, also known as StormBamboo, Daggerfly, or Bronze Highland, is a threat actor group linked to China that has been operating since at least 2012. The group primarily focuses on cyber espionage against civil society targets and has demonstrated significant technical capabilities. They hav | 6
Daggerfly is a possible alias for Bronze Highland. DaggerFly, also known as Evasive Panda and StormBamboo, is a Chinese-speaking Advanced Persistent Threat (APT) group that has been active since at least 2012. The group is recognized for its cyber espionage activities against individuals and organizations in mainland China, Hong Kong, Macao, Nigeria | 5
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Malware
Evasive
Espionage
Backdoor
Associated Malware
Alias Description | Association Type | Votes
The Mgbot Malware is associated with Bronze Highland. MgBot is a malicious software (malware) discovered by ESET, designed to exploit and damage computer systems. It can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it's capable of stealing personal information, disrupting operations, and | Unspecified | 3
The MacMa Malware is associated with Bronze Highland. Macma is a malware, first detailed by Google in 2021, that has been used since at least 2019. It is a modular backdoor that supports multiple functionalities such as device fingerprinting, executing commands, screen capture, keylogging, audio capture, and uploading and downloading files. Macma, ofte | Unspecified | 2