BRONZE BARTON

BRONZE BARTON has been active since at least 2021 and targets political organizations for intelligence-gathering purposes. CTU researchers assess with moderate confidence that they operate in alignment with PRC intelligence requirements. The group exploits vulnerable internet-facing servers to gain initial access and deploys a web shell for persistence.

BRONZE BARTON routes their command and control communications through a third-party proxy network that CTU researchers track as BRONZE COTTAGE. BRONZE BARTON is adept at moving between on-premises and cloud-based environments to access and exfiltrate data in support of their intelligence collection goals.