Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-06 00:16:27 UTC
Home > List all groups > Bronze Highland
 APT group: Bronze Highland
Names
Bronze Highland (SecureWorks)
Evasive Panda (Malwarebytes)
Daggerfly (Symantec)
Storm Cloud (Volexity)
StormBamboo (Volexity)
TAG-102 (Recorded Future)
TAG-112 (Recorded Future)
Digging Taurus (Palo Alto)
Country China
Sponsor State-sponsored
Motivation Information theft and espionage
First seen 2012
Description
(SecureWorks) BRONZE HIGHLAND has been observed using spearphishing as an
initial infection vector to deploy the MgBot remote access trojan against targets in
Hong Kong. Third party reporting suggests the threat group also targets India,
Malaysia and Taiwan and leverages Cobalt Strike and KsRemote Android Rat. CTU
researchers assess with moderate confidence that BRONZE HIGHLAND operates
on behalf of China and has a remit covering espionage against domestic human
rights and pro-democracy advocates and nations neighbouring China.
Observed
Sectors: Telecommunications and human rights and pro-democracy advocates.
Countries: China, Hong Kong, India, Macao, Malaysia, Myanmar, Nigeria,
Philippines, Taiwan, Tibet, Vietnam and Africa.
Tools used
CloudScout, Cobalt Strike, GIMMICK, Nightdoor, Macma, MgBot, KsRemote,
RELOADEXT, Living off the Land.
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=8c9d0ce1-0e92-4de2-b8e0-053b16ad37ed
Page 1 of 2

Operations performed
2020
Evasive Panda APT group delivers malware via updates for popular
Chinese software
Late 2021
Storm Cloud on the Horizon: GIMMICK Malware Strikes at macOS
2022
CloudScout: Evasive Panda scouting cloud services
Nov 2022
Daggerfly: APT Actor Targets Telecoms Company in Africa
Mid 2023
StormBamboo Compromises ISP to Abuse Insecure Software Update
Mechanisms
Sep 2023
Evasive Panda leverages Monlam Festival to target Tibetans
May 2024
China-Nexus TAG-112 Compromises Tibetan Websites to Distribute
Cobalt Strike
Jul 2024
Daggerfly: Espionage Group Makes Major Update to Toolset
Information
Last change to this card: 27 June 2025
Download this actor card in PDF or JSON format
Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=8c9d0ce1-0e92-4de2-b8e0-053b16ad37ed
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=8c9d0ce1-0e92-4de2-b8e0-053b16ad37ed
Page 2 of 2