Bronze Vinewood

Threat Actor Profile Updated 3 months ago
BRONZE VINEWOOD, also known as APT31, is a cyberespionage group believed to be of Chinese origin. It has targeted several sectors in the United States, notably the legal sector in 2017 and government and defense supply chain networks in 2018. The Secureworks® Counter Threat Unit™ (CTU) research team tracks BRONZE VINEWOOD's activity to improve visibility into and understanding of the group's operations.

The group uses several tools in its campaigns, including HanaLoader and the DropboxAES RAT. In 2017, CTU researchers analyzed a version of HanaLoader that was likely used in a campaign against U.S. legal organizations. Despite its name, the DropboxAES RAT does not use the Advanced Encryption Standard (AES).

For lateral movement within a compromised network, BRONZE VINEWOOD relies on native functionality such as net commands and scheduled tasks. It delivers HanaLoader and other malicious payloads through DLL search-order hijacking, and has used legitimate executables from software producers such as Oracle and Norton to load its malicious code. In 2018 the group demonstrated an expanded range of capabilities: infecting targeted systems, stealing credentials, and moving laterally within the compromised environment.

BRONZE VINEWOOD remains a significant threat because of this tradecraft and its persistent focus on high-value targets.
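The two behaviours the profile attributes to the group, DLL search-order hijacking hosted by trusted signed executables and lateral movement with net commands and scheduled tasks, map directly onto image-load and process-creation telemetry. The Python below is an added example written for this page, not code from Secureworks CTU or from the profile: it runs two simple detectors over constructed Sysmon-style events. The record fields, the list of commonly hijacked DLL names, and every sample path, host and command line are assumptions made for the example.

```python
"""Added example: hunt for DLL search-order hijacking and native-tool lateral
movement in Sysmon-style telemetry. Event layout and sample data are assumed."""
import ntpath
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

# Assumption: DLL names that commonly get hijacked because the loader resolves
# them by name; the page names no specific DLL, so this list is illustrative.
COMMONLY_HIJACKED = {"version.dll", "dwmapi.dll", "cryptbase.dll",
                     "wtsapi32.dll", "userenv.dll"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass(frozen=True)
class ImageLoad:
    """Sysmon Event ID 7-style record (field names are assumptions)."""
    image: str            # process that performed the load
    image_signed: bool
    loaded: str           # path of the DLL that was mapped
    loaded_signed: bool


@dataclass(frozen=True)
class ProcessCreate:
    """Sysmon Event ID 1-style record (field names are assumptions)."""
    image: str
    command_line: str


def _norm(path: str) -> str:
    return ntpath.normpath(path).lower()


def in_system_dir(path: str) -> bool:
    return _norm(path).startswith(SYSTEM_DIRS)


def sideload_reason(ev: ImageLoad) -> Optional[str]:
    """Why an image load looks like search-order hijacking, or None."""
    exe, dll = _norm(ev.image), _norm(ev.loaded)
    if not dll.endswith(".dll") or in_system_dir(dll):
        return None  # loads from the system directory are the expected case
    same_dir = ntpath.dirname(exe) == ntpath.dirname(dll)
    # The hosting pattern: a trusted signed binary copied somewhere writable
    # picks up an unsigned DLL dropped next to it before the real one.
    if ev.image_signed and not ev.loaded_signed and same_dir:
        return "signed executable loaded unsigned DLL from its own directory"
    if ntpath.basename(dll) in COMMONLY_HIJACKED:
        return "DLL that normally lives in System32 loaded from elsewhere"
    return None


def lateral_reason(ev: ProcessCreate) -> Optional[str]:
    """Why a process creation looks like native-tool lateral movement, or None."""
    exe = ntpath.basename(_norm(ev.image))
    toks = ev.command_line.lower().split()
    if exe in ("net.exe", "net1.exe") and "use" in toks \
            and any(t.startswith("\\\\") for t in toks):
        return "net use to a remote share"
    if exe == "schtasks.exe" and "/s" in toks:  # /S names a remote system
        if "/create" in toks:
            return "scheduled task created on a remote host"
        if "/run" in toks:
            return "scheduled task run on a remote host"
    return None


Event = Union[ImageLoad, ProcessCreate]


def scan(events: List[Event]) -> List[Tuple[Event, str]]:
    """Run both detectors and return every (event, reason) hit."""
    findings = []
    for ev in events:
        reason = sideload_reason(ev) if isinstance(ev, ImageLoad) else lateral_reason(ev)
        if reason:
            findings.append((ev, reason))
    return findings


# Constructed sample telemetry (not real events).
SAMPLE_EVENTS: List[Event] = [
    # benign: vendor tool loading a signed DLL from System32
    ImageLoad(r"C:\Program Files\Vendor\tool.exe", True,
              r"C:\Windows\System32\version.dll", True),
    # suspicious: signed vendor binary copied to ProgramData loads an unsigned
    # DLL dropped beside it
    ImageLoad(r"C:\ProgramData\update\vendor.exe", True,
              r"C:\ProgramData\update\vendor.dll", False),
    # suspicious: a System32 name resolved from a user temp directory
    ImageLoad(r"C:\Users\a\AppData\Local\Temp\x.exe", False,
              r"C:\Users\a\AppData\Local\Temp\version.dll", True),
    ProcessCreate(r"C:\Windows\System32\net.exe",
                  r"net use \\10.0.0.7\C$ /user:corp\svc P@ss"),
    ProcessCreate(r"C:\Windows\System32\schtasks.exe",
                  r"schtasks /Create /S 10.0.0.7 /TN upd /TR C:\ProgramData\update\vendor.exe /SC ONCE /ST 23:00"),
    ProcessCreate(r"C:\Windows\System32\schtasks.exe", r"schtasks /Query"),
]

if __name__ == "__main__":
    for ev, reason in scan(SAMPLE_EVENTS):
        print(f"{reason}: {ev}")
```

The side-loading rule deliberately ignores loads from System32 and SysWOW64, since a signed binary loading system DLLs from there is the normal case; the signal is a trusted executable resolving an unsigned DLL from its own, user-writable directory, or a well-known DLL name being resolved from anywhere else. The lateral movement rules key on the remote-target forms of net and schtasks (`\\host` and `/S`) rather than on the binaries themselves, which are used constantly by administrators.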
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.
ID: APT31 (2 votes)
Profile Description: APT31, also known as Zirconium, is a threat actor group believed to be sponsored by the Chinese government. This group has been implicated in various cyber espionage activities across the globe. One of their notable exploits includes the cloning and use of an Equation Group exploit, EpMe (CVE-2017-0
Miscellaneous Associations
Other contextual elements that may help in judging relevance
Downloader
Rat
Malware
Encryption
State Sponso...
Industrial
Payload
Secureworks
Enisa
Loader
Associated Malware: no associations to display
Associated Threat Actors: no associations to display
Associated Vulnerabilities: no associations to display
Source Document References
Information about the Bronze Vinewood Threat Actor was read from the documents corpus below.
Source (Created At): Title
Secureworks (a year ago): BRONZE VINEWOOD uses HanaLoader to target government supply chain
CERT-EU (a year ago): Air-gapped system attacks in Europe linked to Chinese hackers
Secureworks (a year ago): DropboxAES Remote Access Trojan