BRONZE THORNWELL

BRONZE THORNWELL (aka Thrip) is a China-based threat group that have been active since at least 2013 and appear to have a targeting intent towards Defence, Satellite and Telecoms organizations. Public reporting has linked the group's intent to organizations involved in geospatial imaging (including systems running MapXtreme GIS (Geographic Information System)) and satellite communications operations (including computers running software that monitors and controls satellites). CTU researchers assess with moderate confidence that the group's intent is data theft / espionage, however the possibility of the the group having a disruptive intent cannot be ruled out. BRONZE THORNWELL leverage custom trojans Catchamas and Rikamanu; and heavily use living of the land techniques post-compromise.