BRONZE SILHOUETTE

Threat Actor Profile (updated 2 months ago)
Bronze Silhouette, also known as Volt Typhoon, Vanguard Panda, Dev-0391, UNC3236, Voltzite, and Insidious Taurus, is a state-sponsored cyberespionage group linked to the People's Republic of China (PRC). The threat actor group has been active since at least 2021, targeting US government entities, defense organizations, and critical infrastructure sectors such as utilities, energy companies, military bases, telecom companies, and industrial sites. In recent activities, it has adopted operational relay box networks (ORBs), often running them off stolen or leased proxies, or via home or small office routers, to conduct its operations. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), along with partners including Secureworks, have released an advisory warning critical infrastructure organizations about Bronze Silhouette. This assessment is based on observations from incident response activities at compromised organizations. The STRIKE Team has also been tracking and identifying covert infrastructure linked to the group's campaign following the publication of reports of new activity attributed to Bronze Silhouette. Over a 37-day period, the cybersecurity firm observed Bronze Silhouette compromise nearly one-third of vulnerable Cisco routers. The group has installed malware that could potentially be used for widespread disruptions, such as slowing down any U.S. military response to a hypothetical Chinese invasion of Taiwan. As part of a broader Chinese effort, Bronze Silhouette continues to infiltrate various sectors to plant foothold malware, preparing for potential disruptive and destructive attacks in the future.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID (Votes): Profile Description
Volt Typhoon (5): Volt Typhoon, a threat actor linked to China, has been identified as a significant cyber threat with strong operational security. Known for their sophisticated Advanced Persistent Threat (APT) activities, this group has been associated with the KV-Botnet and has remained undetected within U.S. infra
Vanguard Panda (3): Vanguard Panda, also known as Volt Typhoon, Bronze Silhouette, Insidious Taurus, and APT41, is a cyberespionage group linked to the Chinese government. Since mid-2021, this threat actor has targeted critical infrastructure sectors including manufacturing, utility, maritime, and government entities i
Insidious Taurus (2): Insidious Taurus, a malicious software, is part of the cyber arsenal deployed by Volt Typhoon, a state-sponsored cyberespionage group linked to the Chinese government. This malware is designed to infiltrate and damage computer systems, often gaining entry through suspicious downloads, emails, or web
APT41 (1): APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
State Sponso...
Malware
Cybercrime
Chinese
Espionage
LOTL
Cisco
Exploits
Lateral Move...
Manageengine
Source Document References
Information about the BRONZE SILHOUETTE Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source (Created At): Title
BankInfoSecurity (2 months ago): Chinese Cyber Espionage Groups Tied to ORB Network Attacks
CISA (5 months ago): PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure | CISA
DARKReading (6 months ago): China Infiltrates US Critical Infrastructure in Ramp-up to Conflict
DARKReading (6 months ago): Feds Confirm Remote Killing of Volt Typhoon's SOHO Botnet
BankInfoSecurity (6 months ago): How Long Will FBI's 'Volt Tycoon' Router Interdiction Stick?
InfoSecurity-magazine (6 months ago): US Thwarts Volt Typhoon Espionage Campaign Through Router Disruption
BankInfoSecurity (6 months ago): FBI and DOJ Disrupt Chinese Hacking Operation
BankInfoSecurity (6 months ago): Chinese Nation-State Hacker Is Exploiting Cisco Routers
CERT-EU (6 months ago): Chinese Nation State Hacker Is Exploiting Cisco Routers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU (7 months ago): SecurityScorecard Threat Research : Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days – Global Security Mag Online
DARKReading (7 months ago): Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities
CERT-EU (a year ago): Novel techniques leveraged in Chinese hacking attacks against critical infrastructure
CERT-EU (a year ago): Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (a year ago): China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors
CERT-EU (a year ago): Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks