Emperor Dragonfly

Threat Actor updated 4 months ago (2024-07-22T15:18:10.370Z)

Download STIX

Preview STIX

Emperor Dragonfly, also known as Bronze Starlight or Storm-0401, is a threat actor group linked to China that has been identified as deploying various ransomware payloads. This group targets sectors such as gambling within Southeast Asia. The cybersecurity industry uses different names for the same threat actor due to lack of standardization, which can sometimes cause confusion when tracking and attributing cyber threats. During our investigation, we found connections in the forensic data within our telemetry that suggest a low-confidence attribution level link between RA World and Bronze Starlight (aka Emperor Dragonfly). This information was gathered from multiple sources, including Malpedia and Sygnia, who have published detailed reports on the activities of this threat actor. These findings highlight the complex web of relationships that often exist within the world of cyber threats. Cybersecurity firm SentinelOne has observed the tactics, techniques, and procedures used by Emperor Dragonfly, asserting their involvement in numerous cyber attacks. The group has been associated with the use of short-lived, sophisticated hacking strategies. As the digital landscape continues to evolve, understanding and mitigating the risks posed by such threat actors is paramount for maintaining robust cybersecurity defenses.

Description last updated: 2024-07-22T15:16:51.727Z

What's your take? (Question 1 of 0)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Bronze Starlight is a possible alias for Emperor Dragonfly. Bronze Starlight, a Chinese threat actor group, has been linked to various malicious activities in the cybersecurity landscape. The group is known for deploying different types of ransomware payloads, including traditional ransomware schemes such as LockFile and name-and-shame models. Bronze Starlig	3

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Emperor Dragonfly Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Unit42	4 months ago	From RA Group to RA World: Evolution of a Ransomware Group
Securityaffairs	a year ago	Bronze Starlight targets the Southeast Asian gambling sector - Security Affairs
CERT-EU	a year ago	China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons – GIXtools