BRONZE SILHOUETTE

Threat Actor updated 11 days ago (2024-08-27T15:17:50.683Z)
Bronze Silhouette, also known as Volt Typhoon, Vanguard Panda, and Insidious Taurus, is a Chinese state-sponsored cyberespionage group that has been targeting U.S. government and defense organizations. The threat actor has been active since at least 2021, but it was only in May 2023 that the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning about its activities. The group uses small office/home office (SOHO) network devices to mask its operations, often running them off stolen or leased proxies, or via home or small office routers.

The group's activities escalated significantly when it began targeting critical infrastructure organizations, compromising nearly one-third of vulnerable Cisco routers over a 37-day period. The campaign involved the use of operational relay box networks (ORBs), which have become a common tool for Beijing-affiliated cyberespionage groups like Bronze Silhouette. This marked a shift in the group's focus towards utilities, energy-sector companies, military bases, telecom companies, and industrial sites, with the intent of planting foothold malware for potential disruptive and destructive attacks.

In response to this escalating threat, U.S. authoring agencies including CISA, NSA, FBI, and other partners have released an advisory to warn critical infrastructure organizations. They are urging these organizations to take preventative actions against the sophisticated tactics employed by Bronze Silhouette. The advisory is based on observations from incident response activities at compromised organizations. The ultimate goal of these attacks appears to be the creation of widespread disruptions, potentially slowing U.S. military responses to geopolitical events such as a hypothetical Chinese invasion of Taiwan.
Description last updated: 2024-08-27T15:15:43.854Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Volt Typhoon
6
Volt Typhoon, a China-sponsored threat actor group identified as one of the most dangerous and persistent nation-state actors by security researchers and the U.S. government, has been active since at least mid-2021, carrying out cyber operations against critical infrastructure. The group is known fo
Vanguard Panda
3
Vanguard Panda, also known as Volt Typhoon, Bronze Silhouette, Insidious Taurus, and APT41, is a cyberespionage group linked to the Chinese government. Since mid-2021, this threat actor has targeted critical infrastructure sectors including manufacturing, utility, maritime, and government entities i
Insidious Taurus
3
Insidious Taurus is a potent malware linked to the cyberespionage group Volt Typhoon, also known as Vanguard Panda, Bronze Silhouette, Dev-0391, UNC3236, and Voltzite. This group, believed to be state-sponsored by the People's Republic of China (PRC), has been implicated in numerous cyberattacks aga
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
State Sponso...
Malware
Source Document References
Information about the BRONZE SILHOUETTE Threat Actor was read from the documents corpus below.
Preview | Source Link | CreatedAt | Title
BankInfoSecurity
10 days ago
Chinese Nation-State Attackers Tied to Versa Zero-Day Hit
Krebs on Security
11 days ago
New 0-Day Attacks Linked to China’s ‘Volt Typhoon’
BankInfoSecurity
4 months ago
Chinese Cyber Espionage Groups Tied to ORB Network Attacks
CISA
7 months ago
PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure | CISA
DARKReading
7 months ago
China Infiltrates US Critical Infrastructure in Ramp-up to Conflict
DARKReading
7 months ago
Feds Confirm Remote Killing of Volt Typhoon's SOHO Botnet
BankInfoSecurity
7 months ago
How Long Will FBI's 'Volt Tycoon' Router Interdiction Stick?
InfoSecurity-magazine
7 months ago
US Thwarts Volt Typhoon Espionage Campaign Through Router Disruption
BankInfoSecurity
7 months ago
FBI and DOJ Disrupt Chinese Hacking Operation
BankInfoSecurity
8 months ago
Chinese Nation-State Hacker Is Exploiting Cisco Routers
CERT-EU
8 months ago
Chinese Nation State Hacker Is Exploiting Cisco Routers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU
8 months ago
SecurityScorecard Threat Research : Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days – Global Security Mag Online
DARKReading
9 months ago
Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities
CERT-EU
a year ago
Novel techniques leveraged in Chinese hacking attacks against critical infrastructure
CERT-EU
a year ago
Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU
a year ago
China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors
CERT-EU
a year ago
Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks