Chinese Cyber-Espionage Group Targeted NGOs for Years
Referred to as BRONZE PRESIDENT, the group may have been active since at least 2014, also targeting political and law enforcement organizations and using both proprietary and publicly available tools to monitor the activity of targeted organizations, discredit their work, or steal their intellectual property.
Several observations tie BRONZE PRESIDENT to China: it targets NGOs that conduct research on issues relevant to China, its infrastructure is linked to entities in China, a subset of its operational infrastructure is linked to China-based Internet service providers, and it leverages tools such as PlugX that have historically been used by Chinese threat groups.
Although the group appears sponsored or at least tolerated by the Chinese government, its "Systemic long-term targeting of NGO and political networks does not align with patriotic or criminal threat groups," Secureworks researchers note.
In addition to custom batch scripts, BRONZE PRESIDENT was observed using tools such as the Cobalt Strike penetration testing framework, the PlugX remote access trojan, the ORat loader, the RCSession basic RAT, the Nbtscan command-line tool, the Nmap network scanner, and Wmiexec.
"BRONZE PRESIDENT has demonstrated intent to steal data from organizations using tools such as Cobalt Strike, PlugX, ORat, and RCSession. The concurrent use of so many tools during a single intrusion suggests that the group could include threat actors with distinct tactics, roles, and tool preferences. It is likely that BRONZE PRESIDENT has additional unobserved operational tools and capabilities," Secureworks concludes.