BRONZE MOHAWK

Threat Actor updated a month ago (2024-08-01T14:56:31.010Z)
Bronze Mohawk is a notable threat actor in the cybersecurity landscape, often associated with state-sponsored cyber activities. It is believed to be part of a larger network of Advanced Persistent Threat (APT) groups, including APT40, also known as Kryptonite Panda, GINGHAM TYPHOON, Leviathan, and others. These groups are known for their persistent and sophisticated cyber attacks, with techniques that significantly overlap, suggesting shared resources or a common origin. The naming conventions for these groups vary across the industry, reflecting the complex and evolving nature of cybersecurity threats.

In a recent incident, Google's Threat Analysis Group (TAG) linked a fourth WinRAR attack to the China-backed group IslandDreams, which is also tracked as Bronze Mohawk among other names. This attack was part of a phishing campaign launched in late August, targeting users in Papua New Guinea. Such tactics mirror those used by other China-affiliated threat actors, further reinforcing the connection between these groups and indicating a broader strategic approach to cyber warfare.

The Australian Cyber Security Centre (ACSC) has issued an advisory based on ongoing investigations into these incidents, identifying the People's Republic of China (PRC) as the likely sponsor of the APT40 group, and by extension, Bronze Mohawk. The advisory highlights similarities in the group's activity with other China-backed threat groups like Kryptonite Panda, Gingham Typhoon, and Leviathan. This information underscores the global challenge posed by state-sponsored cyber threats and the need for continued vigilance and robust cybersecurity defenses.
Description last updated: 2024-08-01T13:29:36.953Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Kryptonite Panda | 2 | Kryptonite Panda, also known as APT40, Bronze Mohawk, Periscope, Mudcarp, and GINGHAM TYPHOON among others, is a threat actor believed to be based in Haikou, Hainan Province, People's Republic of China. This threat group has been associated with an array of cyber-espionage operations targeting gover
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the BRONZE MOHAWK Threat Actor was read from the documents corpus below.
Source Link | Created At | Title
DARKReading | 2 months ago | Chinese Threat Group APT40 Exploits N-Day Vulns at Rapid Pace
InfoSecurity-magazine | 2 months ago | Chinese State Actor APT40 Exploits N-Day Vulnerabilities Within Hours
CISA | 2 months ago | People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action | CISA
CISA | 2 months ago | CISA and Partners join ASD’S ACSC to Release Advisory on PRC State-Sponsored Group, APT 40 | CISA
DARKReading | a year ago | Patch Now: APTs Continue to Pummel WinRAR Bug