chinaBRONZE PALACE
Objectives
Aliases
Tools
SUMMARY
BRONZE PALACE has targeted government, defense and technology organizations globally. The group has historically leveraged the ‘ke3chang’ and ‘shfam9y’ variants of Enfal, as well as the Mirage trojan as part of its operations. In 2017, the RoyalCLI and RoyalDNS malware were reported in open source to have been used in an attack against a company that held information relevant to U.K. government departments and military technology.
Activity that was historically tracked under the BRONZE DAVENPORT and BRONZE IDLEWOOD threat groups has been amalgamated under BRONZE PALACE. CTU researchers assess with moderate confidence that BRONZE PALACE operates on behalf of China.
Threat Analysis
The Mirage CampaignContact Us
Contact us directly whether your organization needs immediate assistance or you want to discuss your incident readiness, response, and testing needs.