BRONZE HUNTLEY

Threat Actor Profile Updated 3 months ago
Download STIX
Preview STIX
Bronze Huntley is a recognized threat actor, known for its malicious activities in the cybersecurity domain. The group has been identified as using the ShadowPad DLL loader (secur32.dll), a notorious tool that allows them to inject malicious code into legitimate processes, thus evading detection and gaining unauthorized access to targeted systems. In addition, Bronze Huntley operates a ShadowPad Command and Control (C2) server, which acts as a central hub for managing their illicit operations, including data theft, system manipulation, and further malware deployment. This threat actor has been linked to significant cyber-espionage activity, notably by CTU researchers who have traced ShadowPad activity back to both Bronze Huntley and another threat group called Bronze Butler. These findings suggest a level of cooperation or shared resources between these two groups, which could indicate a larger, coordinated effort to compromise specific targets. The research further revealed that both groups are reportedly located in the Northern Theater Command, suggesting a potential geographical base for their operations. The identification and analysis of Bronze Huntley's tactics and tools provide crucial insights into this threat actor's capabilities and intentions. However, their association with other threat actors like Bronze Butler and their shared use of sophisticated tools like the ShadowPad DLL loader and C2 server underscore the evolving complexity of cyber threats. As such, organizations must remain vigilant and proactive in their cybersecurity efforts, continuously updating their defenses to counteract the ever-changing strategies employed by these threat actors.
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
BRONZE BUTLER
1
Bronze Butler, also known as Tick, is a sophisticated threat actor primarily focusing on cyberespionage against Japanese enterprises. In March 2023, ESET reported an operation by Bronze Butler that compromised the update server of an East Asian Data Loss Prevention (DLP) company, notably serving gov
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Loader
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
ShadowPadUnspecified
1
ShadowPad is a modular backdoor malware that has been utilized by several Chinese threat groups since at least 2017. Notably, it was used as the payload in supply chain attacks targeting South Asian governments, as reported in the VB2023 paper. ShadowPad provides near-administrative capabilities in
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the BRONZE HUNTLEY Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
Secureworks
a year ago
ShadowPad Malware Analysis