BRONZE EDGEWOOD
Also known as: Red Hariasa · BRONZE EDGEWOOD
Origin
CN
Known aliases
2
Profile
In early 2021, CTU researchers observed BRONZE EDGEWOOD exploiting the Microsoft Exchange Server of an organization in Southeast Asia. The threat group deployed a China Chopper webshell and ran the Nishang Invoke-PowerShellTcp.ps1 script to connect back to C2 infrastructure. The threat group is publicly linked to the malware families Chinoxy, PCShare and FunnyDream. CTU researchers have discovered that BRONZE EDGEWOOD also leverages Cobalt Strike in its intrusion activity. BRONZE EDGEWOOD has been active since at least 2018 and targets government and private enterprises across Southeast Asia. CTU researchers assess with moderate confidence that BRONZE EDGEWOOD operates on behalf of the Chinese government and has a remit that covers political espionage.
Aliases · 2
- Red Hariasa
- BRONZE EDGEWOOD
Known victims · 3
- Kyrgyzstan
- Malaysia
- Vietnam