BRONZE SILHOUETTE

BRONZE SILHOUETTE has been active since at least 2021 and primarily targets U.S government and defense organizations for intelligence-gathering purposes. The group exploits vulnerable internet-facing servers to gain initial access and typically deploys a web shell for persistence. BRONZE SILHOUETTE has demonstrated careful consideration for operational security such as the use of living-off-the-land binaries, defense evasion techniques, and compromised infrastructure to prevent detection and attribution of their intrusion activity, and to blend in with legitimate network activity.

CTU researchers assess with moderate confidence that BRONZE SILHOUETTE is operating on behalf the People’s Republic of China. This assessment is based on victimology that aligns with PRC intelligence requirements, and tradecraft overlap with other state-sponsored Chinese threat groups tracked by CTU researchers.