Details on BRONZE VINEWOOD, Implicated in Targeting of the U.S. Election Campaign

The likely China-based targeted threat group has been active since at least 2017, using a combination of custom and native tools to steal data from its targets.

Wednesday, June 24, 2020
By: Counter Threat Unit Research Team

On June 4, 2020, Google’s Threat Analysis Group reported active targeting of U.S. election campaigns by the Chinese BRONZE VINEWOOD (also known as APT31 and ZIRCONIUM) and Iranian COBALT ILLUSION (also known as APT35) threat groups. A Microsoft security researcher subsequently confirmed a high level of BRONZE VINEWOOD activity since early April 2020.


Despite evidence that BRONZE VINEWOOD has been active since at least 2017, very little information about the group has been publicly released. Secureworks® Counter Threat Unit™ (CTU) researchers have previously observed BRONZE VINEWOOD targeting legal, consulting, and software development organizations in the U.S. and Europe, particularly organizations that provide services to government and defense companies.


The threat actors’ primary focus is to steal information that could be valuable to the People’s Republic of China. They have leveraged intrusions to pivot to networks of the victims’ customers, highlighting the growing tactic of attacking a supply chain to reach an ultimate target.


To provide insight into some of BRONZE VINEWOOD’s previously observed tactics, techniques, and procedures (TTPs), CTU researchers are publicly releasing threat intelligence that was previously published to Secureworks clients:


Some of those observed techniques are not particularly novel but are highly effective:


Exploiting vulnerable third-party software and other techniques to gain initial access
Using online code and document repositories for command and control (C2) communications
Employing custom remote ..
