A cyber-espionage threat actor believed to operate from China relies for its activities on publicly available tools. The group is known for hacking a data center belonging to a Central Asian country and compromising government websites. Researchers at SecureWorks Counter Threat Unit noticed that in 2017 and 2018 the threat actor used a vast collection of tools. Even if some of the tools were created over a decade ago, Bronze Union added code of their own to update it for modern operations. Researchers note that even if the actor’s proprietary tools typically have the advantage of low detection rates, they are mostly used during the first stages of the attack.
Source: https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/