Bronze Riverside

Threat Actor Profile (updated 3 months ago)
BRONZE RIVERSIDE, also known as APT10 and Earth Tengshe, is a threat actor associated with the Chinese Ministry of State Security (MSS). This group has been primarily involved in cyber espionage activities, focusing on the theft of intellectual property from Japanese organizations. The group's activities have included targeting overseas subsidiaries and suppliers of Japanese manufacturing, engineering, electronics, automotive, energy, and technology companies, with alleged intentions to gain access to the parent companies in Japan. These activities were particularly noted in late 2021.

The Counter Threat Unit (CTU) researchers have observed the use of HUI Loader in the A41APT campaign linked to BRONZE RIVERSIDE, as well as in post-intrusion ransomware activity connected to BRONZE STARLIGHT. However, as of this publication, the researchers have not found any links between HUI Loader and publicly available code. This suggests that the tool may be unique to these threat actors or at least not widely used outside of their operations.

Despite the evidence pointing towards BRONZE RIVERSIDE's involvement in these malicious activities, CTU researchers have been unable to conclusively corroborate the attribution based on the information available in the report. However, the tactics, techniques, and procedures (TTPs) employed by this threat actor align closely with those typically seen in Chinese threat group activity. This alignment further supports the theory that BRONZE RIVERSIDE is indeed a part of the Chinese MSS.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| APT10 | 2 | APT10, also known as the Menupass Team, is a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since 2009 and is suspected to be based in Tianjin, China, according to research by IntrusionTruth in 2018. APT10 has primarily targeted |
| Bronze Starlight | 1 | Bronze Starlight, a Chinese threat actor group, has been linked to various malicious activities in the cybersecurity landscape. The group is known for deploying different types of ransomware payloads, including traditional ransomware schemes such as LockFile and name-and-shame models. Bronze Starlig |
| Earth Tengshe | 1 | None |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Japan
Ransomware
Loader
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Bronze Riverside Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | a year ago | Japan in the Crosshairs of Many State-Sponsored Threat Actors New Report Finds |
| Secureworks | a year ago | BRONZE STARLIGHT Ransomware Operations Use HUI Loader |