BRONZE SILHOUETTE

Threat Actor updated a month ago (2024-10-07T18:01:15.277Z)
Bronze Silhouette, also known as Volt Typhoon, is a state-sponsored cyberespionage group believed to be operating on behalf of the People's Republic of China (PRC). Notorious for its sophisticated and aggressive cyber tactics, Bronze Silhouette has been implicated in compromising critical infrastructure organizations. The group has targeted U.S. government and defense organizations, with a particular focus on utilities, energy-sector companies, military bases, telecom companies, and industrial sites. Its modus operandi involves planting foothold malware in preparation for potentially disruptive and destructive attacks down the line.

In May 2023, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning about Bronze Silhouette. This advisory was based on their incident response activities at compromised critical infrastructure organizations. The group uses small office/home office (SOHO) network devices to mask its activities, often running them off stolen or leased proxies, or via home or small office routers. Over a 37-day period, cybersecurity firm Secureworks observed Bronze Silhouette compromise nearly one-third of vulnerable Cisco routers.

The threat from Bronze Silhouette continues to evolve and remains significant. The group has been linked to a zero-day exploit campaign against unpatched Versa Director systems. Black Lotus Labs attributed this campaign "with moderate confidence" to Bronze Silhouette and warned that these attacks are likely ongoing. Furthermore, officials have suggested that the group could use installed malware to trigger widespread disruptions, such as slowing any U.S. military response to a potential Chinese invasion of Taiwan. As such, it is imperative for organizations to heed warnings and take preventative actions against this persistent threat actor.
Description last updated: 2024-10-07T17:16:41.518Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Volt Typhoon (Votes: 6)
Volt Typhoon is a possible alias for BRONZE SILHOUETTE. Volt Typhoon, a cyberespionage cluster sponsored by China, has emerged as a significant threat actor in the cybersecurity landscape. Known for its strong operational security and obfuscation of malware, Volt Typhoon is both a resilient botnet and a warning signal of potential critical infrastructure

Vanguard Panda (Votes: 3)
Vanguard Panda is a possible alias for BRONZE SILHOUETTE. Vanguard Panda, also known as Volt Typhoon, Bronze Silhouette, Insidious Taurus, and APT41, is a cyberespionage group linked to the Chinese government. Since mid-2021, this threat actor has targeted critical infrastructure sectors including manufacturing, utility, maritime, and government entities i

Insidious Taurus (Votes: 3)
Insidious Taurus is a possible alias for BRONZE SILHOUETTE. Insidious Taurus is a potent malware linked to the cyberespionage group Volt Typhoon, also known as Vanguard Panda, Bronze Silhouette, Dev-0391, UNC3236, and Voltzite. This group, believed to be state-sponsored by the People's Republic of China (PRC), has been implicated in numerous cyberattacks aga
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Chinese
State Sponso...
Malware