Bronze Highland

Threat Actor Profile Updated 24 days ago
Bronze Highland, also known as Evasive Panda and Daggerfly, is a Chinese-speaking advanced persistent threat (APT) group that has been active since at least 2012. The group has been observed conducting cyberespionage against individuals in mainland China, Hong Kong, Macao, and Nigeria, and it also targets specific organizations within these regions. Its activities have expanded over time to include targets in various countries such as India, Malaysia, Myanmar, the Philippines, Taiwan, and Vietnam, and notably Tibetans globally.

The group has recently launched a sophisticated cyberespionage campaign targeting Tibetans across various countries and territories, and it has targeted African telecommunications providers in cyberattacks since November 2023. These operations demonstrate its global reach and its capability to target a wide range of entities.

Its tactics include deploying custom malware, such as MgBot, designed to spy on victims and collect data from their devices. An ESET Research report details a cyberespionage campaign linked to this group that targeted a nonprofit organization in China, and ESET security researchers have observed a new malware campaign by Bronze Highland using the custom MgBot backdoor. This indicates an evolution in the group's capabilities and sophistication and an increasing threat level to potential targets. The group's ongoing activities call for continued vigilance and proactive cybersecurity measures from potential target entities.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| Evasive Panda | 4 | Evasive Panda, also known as BRONZE HIGHLAND and Daggerfly, is a threat actor group believed to be aligned with China. This group has been involved in a series of cyberespionage campaigns targeting Tibetans globally, starting from September 2023 or earlier. The group's operations have impacted syste |
| Daggerfly | 4 | DaggerFly, also known as Evasive Panda and Bronze Highland, is a Chinese-speaking Advanced Persistent Threat (APT) group that has been active since at least 2012. The group primarily conducts cyber espionage operations against individuals in mainland China, Hong Kong, Macao, and Nigeria, as well as |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Malware
Evasive
Espionage
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Mgbot | Unspecified | 2 | MgBot is a sophisticated malware used exclusively by the threat actor group known as Evasive Panda. This malicious software, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computer systems without the user's knowledge. Once inside, M |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Bronze Highland Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
|---|---|---|
| ESET | a year ago | Evasive Panda APT group delivers malware via updates for popular Chinese software \| WeLiveSecurity |
| CERT-EU | 3 months ago | China Panda APT Hacking Websites To Infect Windows And MacOS Visitors With Malware \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| CERT-EU | a year ago | Cyber security week in review: April 28, 2023 |
| CERT-EU | 3 months ago | Chinese Evasive Panda Targets Tibetans with Nightdoor Backdoor |
| InfoSecurity-magazine | a year ago | Evasive Panda's Backdoor MgBot Delivered Via Chinese Software Updates |
| CERT-EU | a year ago | Chinese Cyberspies Delivered Malware via Legitimate Software Updates |
| CERT-EU | 3 months ago | Well-equipped, resourced Chinese-backed hacking group targeting Tibetan networks \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| CERT-EU | a year ago | Novel macOS malware leveraged in BlueNoroff attacks |
| DARKReading | a year ago | China's 'Evasive Panda' Hijacks Software Updates to Deliver Custom Backdoor |
| CERT-EU | 3 months ago | Chinese Panda APT Hacking Websites To Infect Windows And MacOS Users |
| CERT-EU | 3 months ago | Evasive Panda leverages Monlam Festival to target Tibetans |
| CERT-EU | a year ago | Alibaba Cloud's PostgreSQL databases impacted by critical bugs |
| InfoSecurity-magazine | 3 months ago | Evasive Panda Targets Tibet With Trojanized Software |