Bronze University

Threat Actor updated 4 months ago (2024-05-04T16:50:44.196Z)
Bronze University, also known as Aquatic Panda, ControlX, RedHotel, and Earth Lusca, is a threat actor group believed to be a Chinese state-sponsored hacking operation. The group has been active since 2021, targeting government, aerospace, education, telecommunications, media, and research organizations across 17 countries, including the U.S., Taiwan, and India. This information comes from multiple sources, including SC Magazine's Threat Intelligence and Critical Infrastructure Security reports, as well as Recorded Future's news site, The Record.
The group uses a variety of sophisticated tools for its operations, most notably the ShadowPad DLL loader (log.dll and iviewers.dll), ShadowPad C2 server, and encrypted payloads (log.dll.dat and iviewers.dll.dat). These tools allow Bronze University to infiltrate systems and networks, execute malicious actions, and maintain control over compromised assets. Notably, Dell SecureWorks has attributed one particular sample, named iviewers.dll.dat, to Bronze University, distinguishing it from other ShadowPad samples typically named log.dll.dat.
The threat posed by Bronze University is significant due to its widespread activity, the critical nature of its targets, and its advanced toolset. The group's focus on critical infrastructure sectors and its ability to operate across international borders highlights the need for robust cybersecurity measures and international cooperation in combating such threats. Continued threat intelligence gathering and sharing will be crucial in understanding and mitigating the risks associated with Bronze University and similar threat actor groups.
Description last updated: 2024-02-16T10:23:19.757Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Redhotel | 2 | RedHotel is a prolific threat actor group, known for its espionage activities targeting organizations of interest to the Chinese government. The group has been active since at least 2019 and operates alongside other threat groups such as RedAlpha and Poison Carp. Researchers at Recorded Future have |
| Earth Lusca | 2 | Earth Lusca, a threat actor identified as being Chinese-speaking, has been active since at least the first half of 2023. The group primarily targets organizations in Southeast Asia, Central Asia, and the Balkans. Recently, it has expanded its arsenal with SprySOCKS Linux malware, a new addition that |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Payload
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| ShadowPad | Unspecified | 2 | ShadowPad is a modular malware that has been utilized by various Chinese threat actors since at least 2017. It's a malicious software designed to infiltrate computer systems, often without the user's knowledge, and can cause significant damage by stealing personal information, disrupting operations, |
Source Document References
Information about the Bronze University Threat Actor was read from the documents corpus below.
| Source Link | CreatedAt | Title |
| --- | --- | --- |
| BankInfoSecurity | 7 months ago | OpenAI and Microsoft Terminate State-Backed Hacker Accounts |
| CERT-EU | a year ago | Global hacking campaign launched by Chinese hacking operation |
| Trend Micro | a year ago | Supply Chain Attack Targeting Pakistani Government Delivers Shadowpad |
| Secureworks | 2 years ago | ShadowPad Malware Analysis |
| Secureworks | 2 years ago | BRONZE STARLIGHT Ransomware Operations Use HUI Loader |