BRONZE PALACE

BRONZE PALACE has targeted government, defense, and technology organizations globally. The group has historically leveraged the ke3chang and shfam9y variants of Enfal, as well as the Mirage trojan. In 2017, BRONZE PALACE reportedly used the RoyalCLI and RoyalDNS malware families in an attack against a company that held information relevant to UK government departments and military technology. Activity that was historically tracked under the BRONZE DAVENPORT and BRONZE IDLEWOOD threat groups has been amalgamated under BRONZE PALACE. CTU researchers assess with moderate confidence that BRONZE PALACE operates on behalf of China.