BRONZE UNION

Threat Actor updated 4 months ago (2024-05-04T22:18:14.486Z)

Download STIX

Preview STIX

Bronze Union, also known as APT27, Emissary Panda, Lucky Mouse, Iron Tiger, and Red Phoenix, is a threat actor with alleged connections to the Chinese government. The group has been observed targeting organizations across Europe, North and South America, Africa, the Middle East, and the Asia-Pacific region. Their activities have shown intersections with several other threat groups such as Winnti (APT41), TA428, RedFoxtrot, Mustang Panda, and Night Dragon. Specific code features attributed to Bronze Union were found in the HyperBro backdoor, and the Zupdax malware has been linked to both Bronze Union and TA428. In September 2023, new attacks were reported involving an updated SysUpdate toolkit deployed by Bronze Union against an Asian government and a Middle East-based telecommunications provider. This was not their first instance of targeting specific industries; a year earlier, in September 2022, they compromised Cobra DocGuard update files to target a Hong Kong-based gambling company. These actions demonstrate the group's broad range of targets and their persistent malicious activity. Bronze Union's tactics bear similarities to multiple Chinese nation-state groups like APT10 (aka Bronze Riverside, Potassium, or Stone Panda), APT27 (aka Bronze Union, Emissary Panda, or Lucky Mouse), and APT41 (aka Barium, Bronze Atlas, or Wicked Panda). Based on Bronze Union's targeting activity, it is assessed that the group likely focuses on political and defense organization networks. This ongoing threat underscores the need for robust cybersecurity measures and vigilance in monitoring potential threats.

Description last updated: 2024-05-04T22:03:16.363Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
APT27	2	APT27, also known as Iron Taurus, is a threat actor group suspected to be attributed to China. Engaging in cyber operations with the primary goal of intellectual property theft, APT27 targets organizations globally, with a focus on North and South America, Europe, and the Middle East. The group's mo
Emissary Panda	2	Emissary Panda, also known as APT27, Iron Tiger, Bronze Union, Lucky Mouse, and Budworm, is a notable threat actor linked to China. This group has been engaged in the theft of intellectual property from organizations in sectors that China perceives as being of vital strategic interest. The group has
Lucky Mouse	2	Lucky Mouse, also known as Emissary Panda, APT27, Threat Group 3390, Bronze Union, and several other names, is a malicious software (malware) attributed to a China-linked Advanced Persistent Threat (APT) group. This malware has been active since at least 2013, targeting various industry verticals fo

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Apt

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the BRONZE UNION Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Multiple Chinese APTs are attacking European targets, EU cyber agency warns \| #ukscams \| #datingscams \| #european \| #datingscams \| #love \| #relationships \| #scams \| #pof \| #match.com \| #dating \| National Cyber Security Consulting
CERT-EU	a year ago	DDoS attack hits Russian flight booking system claimed by Ukrainian hackers
CERT-EU	a year ago	Asian government, telco targeted by Chinese APT
CERT-EU	a year ago	Previously unknown hacking group targets Hong Kong organizations in supply chain cyberattack
CERT-EU	a year ago	Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers
MITRE	2 years ago	Emissary Panda – A potential new malicious tool
MITRE	2 years ago	Emissary Panda Attacks Middle East Government SharePoint Servers
MITRE	2 years ago	BRONZE UNION Cyberespionage Persists Despite Disclosures
CERT-EU	a year ago	Space Pirates: analyzing the tools and connections of a new hacker group