Bronze Riverside

BRONZE RIVERSIDE, also known as APT10 and Earth Tengshe, is a threat actor associated with the Chinese Ministry of State Security (MSS). This group has been primarily involved in cyber espionage activities, focusing on the theft of intellectual property from Japanese organizations. The group's activities have included targeting overseas subsidiaries and suppliers of Japanese manufacturing, engineering, electronics, automotive, energy, and technology companies, with alleged intentions to gain access to the parent companies in Japan. These activities were particularly noted in late 2021. The Counter Threat Unit (CTU) researchers have observed the use of HUI Loader in the A41APT campaign linked to BRONZE RIVERSIDE, as well as in post-intrusion ransomware activity connected to BRONZE STARLIGHT. However, as of this publication, the researchers have not found any links between HUI Loader and publicly available code. This suggests that the tool may be unique to these threat actors or at least not widely used outside of their operations. Despite the evidence pointing towards BRONZE RIVERSIDE's involvement in these malicious activities, CTU researchers have been unable to conclusively corroborate the attribution based on the information available in the report. However, the tactics, techniques, and procedures (TTPs) employed by this threat actor align closely with those typically seen in Chinese threat group activity. This alignment further supports the theory that BRONZE RIVERSIDE is indeed a part of the Chinese MSS.