Old RATs can still do the trick
One of the utilities the researchers say was used by the Bronze Union group last year is ZxShell - a remote access tool (RAT) whose source code was released in 2007 by its creator, someone called "LZX."
"Although various threat actors have created different variations of the RAT, the version used by BRONZE UNION in 2018 contained some previously unobserved properties," SecureWorks notes in a report shared with BleepingComputer. The update from the China-linked threat actor included a packet redirection tool called HTran and was signed with certificates from Hangzhou Shunwang Technology and its 2013 acquisition Shanghai Hintsoft.