BRONZE CANAL

BRONZE CANAL (also known as BlackTech, PLEAD, Shrouded Crossbow, Circuit Panda and Palmerworm) is a cyber espionage threat group assessed with moderate confidence to operate on behalf of China. The group has been active in the Asia region since 2010, and is noted for a targeting focus on Taiwan, Japan and Hong Kong. Third-party security vendors also report some targeting of U.S. organisations. BRONZE CANAL has been observed to deploy malware including Bifrose, PLEAD (TSCookie), Waterbear and, in 2021, GhostTimes and Flagpro. The group is also adept at using and adapting open source exploit tools for common internet facing systems, which may gain them a foothold into target networks. They also employ malware attachments with targeted phishing emails. Targets have included government, media, finance, defence, telecommunications, technology, foreign affairs and construction.