Who is BRONZE EDGEWOOD?

BRONZE EDGEWOOD is a threat actor attributed to CN, also known as Red Hariasa. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does BRONZE EDGEWOOD exploit?

Specific CVE exploitation data for BRONZE EDGEWOOD is being tracked. Check the Strobes VI threat actor profile for updates.

BRONZE EDGEWOOD

Also known as: Red Hariasa

Exploited CVEs

Overview

In early 2021 CTU researchers observed BRONZE EDGEWOOD exploiting the Microsoft Exchange Server of an organization in Southeast Asia. The threat group deployed a China Chopper webshell and ran the Nishang Invoke-PowerShellTcp.ps1 script to connect back to C2 infrastructure. The threat group is publicly linked to malware families Chinoxy, PCShare and FunnyDream. CTU researchers have discovered that BRONZE EDGEWOOD also leverages Cobalt Strike in its intrusion activity. BRONZE EDGEWOOD has been active since at least 2018 and targets government and private enterprises across Southeast Asia. CTU researchers assess with moderate confidence that BRONZE EDGEWOOD operates on behalf the Chinese government and has a remit that covers political espionage.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database