Since 2016, an advanced threat group that Cisco Talos is tracking has carried out cyberattacks against South Korea and Japan. This group is known by several different names: Tick, Redbaldknight and Bronze Butler.  Although each campaign employed custom tools, Talos has observed recurring patterns in the actor’s use of infrastructure, from overlaps in hijacked command and control (C2) domains to differing campaign C2s resolving to the same IP.

Tracking Tick Through Recent Campaigns Targeting East Asia