chinaBRONZE PRESIDENT
Objectives
Aliases
Tools
SUMMARY
BRONZE PRESIDENT has been active since at least July 2018, and probably much longer. CTU researchers assess with high confidence that BRONZE PRESIDENT is based in China, and with moderate confidence that it is sponsored or at the very least tolerated by the Chinese government. The group has used proprietary and publicly available tools to compromise and collect data from non-governmental organizations (NGOs), creating multiple contingent access routes to maintain long term access to compromised systems. BRONZE PRESIDENT uses a range of tools including Cobalt Strike, China Chopper, PlugX and two tools that are believed to be exclusively tied to BRONZE PRESIDENT, dubbed RCSession and ORat.
Threat Analysis
BRONZE PRESIDENT Targets NGOsContact Us
Contact us directly whether your organization needs immediate assistance or you want to discuss your incident readiness, response, and testing needs.