← All Threat Actors
Threat Actor Profile

BRONZE STARLIGHT

Cinnamon Tempest DEV-0401 Emperor Dragonfly SLIME34
▲ High Threat
BRONZE STARLIGHT has been active since mid 2021 and targets organizations globally across a range of industry verticals. The group leverages HUI Loader to load Cobalt Strike and PlugX payloads for command and control. CTU researchers have observed BRONZE STARLIGHT deploying ransomware to compromised networks as part of name-and-shame ransomware schemes, and posted victim names to leak sites. CTU researchers assess with moderate confidence that BRONZE STARLIGHT is located in China based on observed tradecraft, including the use of HUI Loader and PlugX which are associated with China-based threat group activity. It is plausible that BRONZE STARLIGHT deploys ransomware as a smokescreen rather than for financial gain, with the underlying motivation of stealing intellectual property theft or conducting espionage.
Origin China

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD