BRONZE PALACE

BRONZE PALACE has targeted government, defense and technology organizations globally. The group has historically leveraged the ‘ke3chang’ and ‘shfam9y’ variants of Enfal, as well as the Mirage trojan as part of its operations. In 2017, the RoyalCLI and RoyalDNS malware were reported in open source to have been used in an attack against a company that held information relevant to U.K. government departments and military technology.

Activity that was historically tracked under the BRONZE DAVENPORT and BRONZE IDLEWOOD threat groups has been amalgamated under BRONZE PALACE. CTU researchers assess with moderate confidence that BRONZE PALACE operates on behalf of China.