Operation Iron Tiger: Valuable information stolen from governments and corporates

The Operation Iron Tiger APT is an advanced persistent threat which has been targeting government and corporate environments for years. The first report which was made public about the Operation Iron Tiger APT was published in 2010.

The Operation Iron Tiger threat actors mainly focus on stealing valuable information from government defense contractors and contractors which are related to those companies or bodies.

The threat actors behind the “Operation Iron Tiger APT” have been dubbed ‘Emissary Panda’ and ‘Threat Group-3390’.

The Trend Micro report states that they have seen a major shift in the Geo graphical activity of the Operation Iron Tiger APT. Trend Micro her team thinks that Iron Tiger is part of a bigger campaign where specific targets are assigned to various hacking teams.

Which makes this attack very interesting is the fact that the threat actors have used legitimate environments to host their C&C servers.

The threat actors have been identified on the following legitimate environments:

  • Google Blogspot
  • Google Cloud Platform

You can use the following SHA1 values to find more indicators: 

  • FileHash-SHA1 5b638171811412b570ed500803ceca5ed85580ff
  • FileHash-SHA1 4df17c9e64f7277538141e384d4a372c60787f1a
  • FileHash-SHA1 126a5972a0f6b0a5b0a2b52d7d848e8a9824f562
  • FileHash-SHA1 0ad2796b1312af4db975a3978ede19e939e42846
  • FileHash-SHA1 7875ec1ffad546476defe5ad3e87930e7fa7ba95
  • FileHash-SHA1 75f098d6b3f217aba4c068b12896c332216fc6b3
  • FileHash-SHA1 396af3ae018a9e251a832cce8aae1bcaa11cdc05
  • FileHash-SHA1 08afa64b23288c0414b379cb4e67c1a8dabea033
  • FileHash-SHA1 d72ef43059ad0d5b4fc1e218e5257439ac006308
  • FileHash-SHA1 11348a72a0864c6c455a535d5d7bde2997270266
  • FileHash-SHA1 d3fb95d0eeccd99c475c6b985a6c911bed69f50d
  • FileHash-SHA1 ec0c179903e413490cec41c522ba612737d38c4a
  • FileHash-SHA1 45ff712ae34512a9ac70060cec62a9b85f62804b
  • FileHash-SHA1 b9f67198ffa311aecb85e9914cdd96d99ecbdf3c
  • FileHash-SHA1 c3f5d5d52890fe72bd2fc4c08aaf538da73016d7
  • FileHash-SHA1 96d6a67227a6d650ab8c5465cb4b091217e75a5f
  • FileHash-SHA1 eeec12cb0dcc7c77a4ecee9facd2ccc1f3e2d93c
  • FileHash-SHA1 afce5e56fc9bd1774d0cbbab1df205d0152fc632
  • FileHash-SHA1 8c8f12ae866c38931e19d67fadc19bd18aaf0865
  • FileHash-SHA1 9484bb1b1c0e39355a66b20fc361846ce1f063e0
  • FileHash-SHA1 3bcd90785ff5883bc460a74eca3bf9033a542335
  • FileHash-SHA1 b27277142f4b4f71a757630a730314daae9ecfeb
  • FileHash-SHA1 7b34f24703b5415bc46fdab3801ac79e3e82242a
  • FileHash-SHA1 50d2fef4e680072441084053773350d9ba60cac6
  • FileHash-SHA1 1f8dec3ea9b25de862a11b4d807f0d8de00c7972
  • FileHash-SHA1 6bcd525bb425dbb7fbc79dd6a605fac8f925b0cb
Founder of Cyberwarzone.com.