BRONZE HIGHLAND

Also known as: Evasive Panda, Daggerfly, BRONZE HIGHLAND

BRONZE HIGHLAND has been observed using spearphishing as an initial infection vector to deploy the MgBot remote access trojan against targets in Hong Kong. Third party reporting suggests the threat group also targets India, Malaysia and Taiwan and leverages Cobalt Strike and KsRemote Android Rat. CTU researchers assess with moderate confidence that BRONZE HIGHLAND operates on behalf of China and has a remit covering espionage against domestic human rights and pro-democracy advocates and nations neighbouring China

🌍 Country China

Targeted Victims

Hong Kong Malaysia India Taiwan Macao Nigeria

Introduction

BRONZE HIGHLAND has been observed using spearphishing as an initial infection vector to deploy the MgBot remote access trojan against targets in Hong Kong. Third party reporting suggests the threat group also targets India, Malaysia and Taiwan and leverages Cobalt Strike and KsRemote Android Rat. CTU researchers assess with moderate confidence that BRONZE HIGHLAND operates on behalf of China and has a remit covering espionage against domestic human rights and pro-democracy advocates and nations neighbouring China

Activities and Tactics

Country of Origin: 🇨🇳 China

Suspected Victims: Hong Kong, Malaysia, India, Taiwan, Macao, Nigeria

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Trojan.Karagany
  • China Chopper
  • RemoteCMD
  • Trojan.Mebromi
  • DroidJack
  • Androrat
  • Remote Utilities
  • RemotePC
  • Archelaus Beta
  • Cobalt Strike

Attribution and Evidence

Country of Origin: China Additional attribution information pending cataloguing.

References

References pending cataloguing.