Names | Roaming Tiger (ESET), Rotten Tomato (Sophos), CTG-7273 (SecureWorks), Bronze Woodland (SecureWorks) | |
Country | China | |
Motivation | Information theft and espionage | |
First seen | 2014 | |
Description | (Palo Alto) In late 2014, ESET presented an attack campaign that had been observed over a period of time targeting Russia and other Russian speaking nations, dubbed “Roaming Tiger”. The attack was found to heavily rely on RTF exploits and at the time, thought to make use of the PlugX malware family. | |
Observed | Countries: Belarus, Kazakhstan, Kyrgyzstan, Russia, Tajikistan, Ukraine, Uzbekistan. | |
Tools used | BBSRAT, Gh0st RAT, PlugX. | |
Operations performed | Aug 2015 | <https://unit42.paloaltonetworks.com/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/> |
Information | <http://2014.zeronights.org/assets/files/slides/roaming_tiger_zeronights_2014.pdf> |
Last change to this card: 10 August 2021