BRONZE SILHOUETTE

Threat Actor Profile Updated 6 days ago
Download STIX
Preview STIX
Bronze Silhouette, also known as Volt Typhoon, Vanguard Panda, Dev-0391, UNC3236, Voltzite, and Insidious Taurus, is a state-sponsored cyberespionage group linked to the People's Republic of China (PRC). The threat actor group has been active since at least 2021, targeting US government entities, defense organizations, and critical infrastructure sectors such as utilities, energy companies, military bases, telecom companies, and industrial sites. In recent activities, it has adopted operational relay box networks (ORBs), often running them off stolen or leased proxies, or via home or small office routers, to conduct its operations. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), along with partners including Secureworks, have released an advisory warning critical infrastructure organizations about Bronze Silhouette. This assessment is based on observations from incident response activities at compromised organizations. The STRIKE Team has also been tracking and identifying covert infrastructure linked to the group's campaign following the publication of reports of new activity attributed to Bronze Silhouette. Over a 37-day period, the cybersecurity firm observed Bronze Silhouette compromise nearly one-third of vulnerable Cisco routers. The group has installed malware that could potentially be used for widespread disruptions, such as slowing down any U.S. military response to a hypothetical Chinese invasion of Taiwan. As part of a broader Chinese effort, Bronze Silhouette continues to infiltrate various sectors to plant foothold malware, preparing for potential disruptive and destructive attacks in the future.
What's your take? (Question 1 of 4)
655176b6-1b93-42b1-b087-da4a07ccfdc0 Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Volt Typhoon
5
Volt Typhoon, a threat actor associated with the Chinese government, has been identified as a significant cyber threat. Known for their strong operational security and obfuscation of malware, they have successfully infiltrated various sectors including communications, energy, transportation systems,
Vanguard Panda
3
Vanguard Panda, also known as Volt Typhoon, Bronze Silhouette, Insidious Taurus, and APT41, is a cyberespionage group linked to the Chinese government. Since mid-2021, this threat actor has targeted critical infrastructure sectors including manufacturing, utility, maritime, and government entities i
Insidious Taurus
2
Insidious Taurus, a malicious software, is part of the cyber arsenal deployed by Volt Typhoon, a state-sponsored cyberespionage group linked to the Chinese government. This malware is designed to infiltrate and damage computer systems, often gaining entry through suspicious downloads, emails, or web
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
State Sponso...
Malware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the BRONZE SILHOUETTE Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
DARKReading
4 months ago
China Infiltrates US Critical Infrastructure in Ramp-up to Conflict
CERT-EU
5 months ago
Chinese Nation State Hacker Is Exploiting Cisco Routers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU
a year ago
Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks
CERT-EU
a year ago
Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU
a year ago
Novel techniques leveraged in Chinese hacking attacks against critical infrastructure
InfoSecurity-magazine
4 months ago
US Thwarts Volt Typhoon Espionage Campaign Through Router Disruption
BankInfoSecurity
6 days ago
Chinese Cyber Espionage Groups Tied to ORB Network Attacks
BankInfoSecurity
4 months ago
How Long Will FBI's 'Volt Tycoon' Router Interdiction Stick?
CERT-EU
9 months ago
China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors
BankInfoSecurity
5 months ago
Chinese Nation-State Hacker Is Exploiting Cisco Routers
CISA
3 months ago
PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure | CISA
BankInfoSecurity
4 months ago
FBI and DOJ Disrupt Chinese Hacking Operation
DARKReading
5 months ago
Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities
CERT-EU
5 months ago
SecurityScorecard Threat Research : Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days – Global Security Mag Online
DARKReading
4 months ago
Feds Confirm Remote Killing of Volt Typhoon's SOHO Botnet