Introduction
BRONZE BUTLER is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group primarily targets Japanese organizations, particularly those in government, biotechnology, electronics manufacturing, and industrial chemistry. Trend Micro Daserf Nov 2017 Secureworks BRONZE BUTLER Oct 2017 Trend Micro Tick November 2019
Activities and Tactics
Targeted Sectors: Infrastructure, Industrial, Manufacturing, Diplomacy, News - Media, Political party, Engineering, Private sector
Country of Origin: π¨π³ China
Incident Type: Espionage
Suspected Victims: Japan, China, South Korea, Russian Federation
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
Information pending cataloguing.
Attribution and Evidence
Country of Origin: China Additional attribution information pending cataloguing.
References
[1] MITRE ATT&CK MITRE ATT&CK entry [2] Trend Micro Daserf Nov 2017 [3] Secureworks BRONZE BUTLER Oct 2017 [4] Trend Micro Tick November 2019
Recent News
Latest articles from security news feeds mentioning this actor.
- Iranian hackers blamed for breach of Los Angeles transit system that took weeks to recover TechCrunch - 2026-05-26T
- Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning The Hacker News - 2026-05-26T
- Tracking Iranian APT Screening Serpensβ 2026 Espionage Campaigns Unit 42 - 2026-05-22T