BRONZE HIGHLAND

aka: Evasive Panda

BRONZE HIGHLAND has been observed using spearphishing as an initial infection vector to deploy the MgBot remote access trojan against targets in Hong Kong. Third-party reporting suggests the threat group also targets India, Malaysia and Taiwan and leverages Cobalt Strike and the KsRemote Android RAT. CTU researchers assess with moderate confidence that BRONZE HIGHLAND operates on behalf of China and has a remit covering espionage against domestic human rights and pro-democracy advocates and nations neighbouring China.


Associated Families

There are currently no families associated with this actor.


References
2020-09-30 | Malwarebytes | Hossein Jazi, Jérôme Segura
Evasive Panda
https://vb2020.vblocalhost.com/uploads/VB2020-43.pdf (accessed 2022-07-25)
Tags: MgBot, BRONZE HIGHLAND, Evasive Panda

2020-09-30 | Youtube (Virus Bulletin) | Hossein Jazi, Jérôme Segura
Evasive Panda
https://www.youtube.com/watch?v=LeKi0KfzOow&list=PLffioUnqXWkdzWcZXH-bzPVgcs2R4r7iS&index=1&t=2154s (accessed 2022-07-25)
Tags: MgBot, BRONZE HIGHLAND

2020-07-21 | Malwarebytes Labs | Hossein Jazi, Jérôme Segura
Chinese APT group targets India and Hong Kong using new variant of MgBot malware
https://blog.malwarebytes.com/threat-analysis/2020/07/chinese-apt-group-targets-india-and-hong-kong-using-new-variant-of-mgbot-malware (accessed 2022-07-25)
Tags: MgBot, BRONZE HIGHLAND

Credits: MISP Project