BRONZE MAYFAIR

BRONZE MAYFAIR (also known as APT3) targets information held by organizations in the technology provider, financial services, manufacturing, defense and government verticals. It has been active since at least 2006, and its targeting ranges from focused spearphishing campaigns to large-scale spam campaigns. Although the threat group's tools (including use of the Pirpi backdoor) have remained stable for several years, its infrastructure is highly volatile and changes frequently. In 2017, the activities of BRONZE MAYFAIR were publicly attributed to a Guangzhou-based contractor known as Boyusec, who is reported to have been sponsored by the Ministry of State Security, China. In November 2017, the U.S. Department of Justice indicted three individuals it said were employees of Boyusec and had been involved in cyber intrusions for the purposes of intellectual property theft.