Bronze University

Threat Actor updated 23 days ago (2024-11-29T14:05:59.055Z)
Download STIX
Preview STIX
Bronze University, also known as Aquatic Panda, ControlX, RedHotel, and Earth Lusca, is a threat actor group believed to be a Chinese state-sponsored hacking operation. The group has been active since 2021, targeting government, aerospace, education, telecommunications, media, and research organizations across 17 countries, including the U.S., Taiwan, and India. This information comes from multiple sources, including SC Magazine's Threat Intelligence and Critical Infrastructure Security reports, as well as Recorded Future's news site, The Record. The group uses a variety of sophisticated tools for its operations, most notably the ShadowPad DLL loader (log.dll and iviewers.dll), ShadowPad C2 server, and encrypted payloads (log.dll.dat and iviewers.dll.dat). These tools allow Bronze University to infiltrate systems and networks, execute malicious actions, and maintain control over compromised assets. Notably, Dell SecureWorks has attributed one particular sample, named iviewers.dll.dat, to Bronze University, distinguishing it from other ShadowPad samples typically named log.dll.dat. The threat posed by Bronze University is significant due to its widespread activity, the critical nature of its targets, and its advanced toolset. The group's focus on critical infrastructure sectors and its ability to operate across international borders highlights the need for robust cybersecurity measures and international cooperation in combating such threats. Continued threat intelligence gathering and sharing will be crucial in understanding and mitigating the risks associated with Bronze University and similar threat actor groups.
Description last updated: 2024-02-16T10:23:19.757Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Redhotel is a possible alias for Bronze University. RedHotel is a prolific threat actor group, known for its espionage activities targeting organizations of interest to the Chinese government. The group has been active since at least 2019 and operates alongside other threat groups such as RedAlpha and Poison Carp. Researchers at Recorded Future have
2
Earth Lusca is a possible alias for Bronze University. Earth Lusca, a threat actor believed to be part of the China-backed Winnti collective, has been active since at least 2019 and is known for its cyber-espionage activities. The group primarily targets government organizations in Asia, Latin America, and other regions. Recently, it has expanded its ar
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Payload
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The ShadowPad Malware is associated with Bronze University. ShadowPad is a sophisticated malware, known for its use in supply chain attacks, particularly against government entities in South Asia. This modular backdoor, which has been active for approximately seven years, is popular among Chinese threat actors. It was notably used as the payload in an attackUnspecified
2
Source Document References
Information about the Bronze University Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more