Stormbamboo

Threat Actor updated 19 days ago (2024-11-29T14:49:07.375Z)
StormBamboo, also known as Evasive Panda, Daggerfly, or Bronze Highland, is a China-linked threat actor group that has been operational since at least 2012. The group's primary objective is cyberespionage against entities opposing China's interests, including independence movements such as the Tibetan diaspora, religious and academic institutions in Taiwan and Hong Kong, and supporters of democracy in China. This advanced persistent threat (APT) group targets civil society organizations and uses complex methods to deploy malware, with a focus on software vendors whose update mechanisms are insecure.

In August, StormBamboo compromised an undisclosed internet service provider (ISP), as reported by Volexity researchers. The group used this access to poison DNS responses for targeted organizations, manipulating software update mechanisms to deliver malware. In one incident, StormBamboo poisoned DNS responses to deploy malware through an HTTP automatic update mechanism, and also poisoned responses for legitimate hostnames that were then used as second-stage command-and-control (C2) servers. The poisoned DNS records resolved to an attacker-controlled server in Hong Kong at IP address 103.96.130[.]107.

Initially, it was suspected that the victim organization's firewall had been compromised. Further investigation revealed that StormBamboo had infiltrated the ISP itself, demonstrating its sophisticated tactics and its ability to exploit weaknesses in network infrastructure. This highlights the significant threat posed by StormBamboo and similar APT groups, and the need for heightened vigilance and robust security measures within ISPs and other potential target organizations.
Description last updated: 2024-11-11T14:46:38.067Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so the following are possible overlapping names and profiles that may also be worth reviewing.
Alias | Description | Votes

Evasive Panda (3 votes): Evasive Panda is a possible alias for Stormbamboo. Evasive Panda, also known as StormBamboo, Daggerfly, or Bronze Highland, is a threat actor group linked to China that has been operating since at least 2012. The group primarily focuses on cyber espionage against civil society targets and has demonstrated significant technical capabilities. They hav

Daggerfly (2 votes): Daggerfly is a possible alias for Stormbamboo. DaggerFly, also known as Evasive Panda and StormBamboo, is a Chinese-speaking Advanced Persistent Threat (APT) group that has been active since at least 2012. The group is recognized for its cyber espionage activities against individuals and organizations in mainland China, Hong Kong, Macao, Nigeria
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
APT
DNS
Analyst Notes & Discussion