Bronze President Spies on Asia

A cyber-espionage group dubbed Bronze President has been targeting countries in South and East Asia.

Researchers at Secureworks' Counter Threat Unit (CTU) have observed the group spying on the activities of political and law enforcement organizations and NGOs.

The threat group seems to have developed its own remote access tools, which it uses alongside publicly available remote access and post-compromise toolsets to gain entry to a network.

Using publicly available open-source tools could be a deliberate ploy by the group to cover its tracks and reduce the risk of attribution.

Once inside, the threat actors elevate their privileges and install malware on a large proportion of systems. Bronze President then runs custom batch scripts to collect specific file types and takes proactive steps to minimize detection of its activities.

The threat actors appear to be monitoring their targets as they steal data from compromised systems over a long period of time. Countries that have been targeted include India and Mongolia.

Activity from the threat actors has been observed by Secureworks' researchers since mid-2018, but it is thought that the group may have started causing trouble as early as 2014.

Among the group's phishing lures, researchers found emails suggesting an interest in national security, humanitarian, and law enforcement organizations in East, South, and Southeast Asia.

Researchers believe the Bronze President group is operating from a base within the People's Republic of China (PRC).

Connections were found between a subset of the group's operational infrastructure and PRC-based internet service providers. Further ..
