CN

BRONZE SPRINGBRONZE SPRING

Also known as: UNC302 · BRONZE SPRING

Origin
CN
Known aliases
2
Target sectors
9

Profile

BRONZE SPRING is a threat group that CTU researchers assess with high confidence operates on behalf of China in the theft of intellectual property from defense, engineering, pharmaceutical and technology companies. The threat group typically uses scan-and-exploit for initial access, deploys the China Chopper webshell for remote execution and persistence, and creates RAR archives with a '.jpg' file extension for data exfiltration. In July 2020 the U.S. Department of Justice indicted two Chinese hackers CTU researchers assess are members of the BRONZE SPRING threat group. The Department of Justice allege these hackers were responsible for compromising networks of hundreds of organisations and individuals in the U.S. and abroad since 2009, and that exfiltrated data would be passed to the Chinese Ministry of State Security or sold for financial gain.

Aliases· 2

UNC302BRONZE SPRING

Target sectors· 9

Information technologyMedicalCivil engineeringBusinessEducationGamingEnergyPharmaceuticalsDefense industrial base

Known victims· 11

  • United States
  • Australia
  • Belgium
  • Germany
  • Japan
  • Lithuania
  • Netherlands
  • Spain
  • South Korea
  • Sweden
  • United Kingdom

References

  1. https://www.justice.gov/opa/pr/two-chinese-hackers-working-ministry-state-security-charged-global-computer-intrusion
  2. https://www.justice.gov/opa/press-release/file/1295981/download
  3. https://www.justice.gov/opa/press-release/file/1295986/download
  4. https://intrusiontruth.wordpress.com/2021/05/06/an-apt-with-no-name
  5. https://twitter.com/MrDanPerez/status/1390285821786394624

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
BRONZE VAPOR
Actor
BRONZE EDGEWOOD
Actor
BRONZE HIGHLAND
Actor
BRONZE STARLIGHT
Actor
BRONZE SPIRAL
Actor
APT31
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.