Bronze Vinewood

Threat Actor updated 23 days ago (2024-11-29T14:30:17.721Z)
BRONZE VINEWOOD, also known as APT31, is a cyberespionage group believed to be of Chinese origin. This threat actor has been active in targeting various sectors in the United States, specifically the legal sector in 2017 and government and defense supply chain networks in 2018. The Secureworks® Counter Threat Unit™ (CTU) research team has been closely monitoring BRONZE VINEWOOD's activities, aiming to increase visibility and understanding of this threat group's operations.

The group utilizes several tools in its campaigns, including HanaLoader and DropboxAES RAT. In 2017, CTU researchers analyzed a version of HanaLoader, which was likely used in a campaign targeting U.S. legal organizations. Despite its name, the DropboxAES RAT does not use the Advanced Encryption Standard (AES). BRONZE VINEWOOD is known to leverage native functionality such as net commands and scheduled tasks for lateral movement within compromised networks. Furthermore, the group employs DLL search-order hijacking to deliver HanaLoader and other malicious payloads.

In 2018, BRONZE VINEWOOD demonstrated an expanded range of capabilities, including infecting targeted systems, stealing credentials, and moving laterally within a compromised environment. Interestingly, the group used legitimate executable files from software producers like Oracle and Norton to load malicious code. Overall, BRONZE VINEWOOD poses a significant threat due to its sophisticated techniques and persistent focus on high-value targets.
Description last updated: 2024-05-04T16:14:00.716Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
Alias | Description | Votes
APT31 | APT31 is a possible alias for Bronze Vinewood. APT31, also known as Zirconium, is a threat actor believed to be linked to the Chinese government. This group has been associated with numerous cyber attacks, including a significant exploit of CVE-2017-0005. This exploit, dubbed "Jian," was initially attributed to APT31 but upon further analysis by | 2