Iron Taurus

Malware Profile Updated 2 months ago
Iron Taurus, also known as APT27, is a malware that has been linked to various cyber-espionage activities. This malicious software is designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. Iron Taurus is associated with Chinese nation-state threat actors and has been identified as part of a shared Chinese APT operational infrastructure, used in conjunction with other malware such as Starchy Taurus (aka Winnti) and Stately Taurus (aka Mustang Panda).

One notable operation involving Iron Taurus was Operation Iron Tiger, which was carried out in 2015. This operation was attributed to Iron Taurus according to reports by ERAI and Malpedia. During this operation, the malware was reportedly used to exploit vulnerabilities and gain unauthorized access to targeted systems. This shows the malware's capability to be utilized in large-scale, coordinated cyber attacks.

The use of AspxSpy web shells was a significant aspect of Iron Taurus's methodology in Operation Iron Tiger. These web shells, which provide a hacker with remote control over a compromised system, were employed effectively by Iron Taurus. Experts have noted similarities between the AspxSpy web shells used by Iron Taurus and those employed by another malware, Gelsemium, indicating possible shared tactics or collaboration between different threat actors.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Iron Tiger | 3 | Iron Tiger, also known as Iron Taurus or APT27, is a threat actor group known for executing malicious actions with the intent of espionage. The group became prominent after its involvement in Operation Iron Tiger, which was reported in 2015. This operation was a series of Chinese cyber-espionage att |
| APT27 | 2 | APT27, also known as Iron Taurus, is a Chinese threat actor group that primarily engages in cyber operations with the goal of intellectual property theft. The group targets multiple organizations worldwide, including those in North and South America, Europe, and the Middle East. APT27 utilizes vario |
| Taurus | 1 | Taurus is a malicious software (malware) that has been associated with multiple cyber threat actors, notably Stately Taurus, Iron Taurus, and Starchy Taurus, all of which have connections to Chinese Advanced Persistent Threats (APTs). The malware is designed to infiltrate systems and steal personal |
| Winnti | 1 | Winnti, a threat actor or group also known as Starchy Taurus and APT41, has been active since at least 2007, first identified by Kaspersky in 2013. This Chinese state-sponsored entity is renowned for its ability to target supply chains of legitimate software to disseminate malware. The group is link |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| ASPXSpy | Unspecified | 2 | ASPXSpy is a type of malware, specifically a web shell, that has been used by various threat actors to exploit and damage computer systems. The earliest deployment attempts date back to 2022 when this malicious software was deployed to multiple hosted websites. It's typically installed on vulnerable |
| Stately Taurus | Unspecified | 2 | Stately Taurus, also known as Mustang Panda, Bronze President, Red Delta, LuminousMoth, Earth Preta, and Camaro Dragon, is a potent malware linked to Chinese Advanced Persistent Threat (APT) activities. The first signs of its operation date back to at least 2012, with notable activity traced to Marc |
| Gelsemium | Unspecified | 1 | Gelsemium is a sophisticated malware associated with Advanced Persistent Threat (APT) activities. It is known for its stealthy operations and the use of server-side exploits to deploy a web shell and multiple custom tools on targeted systems. The malware has been used in cyber-attacks against variou |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Mustang Panda | Unspecified | 2 | Mustang Panda, also known as Bronze President, Nomad Panda, Naikon, Earth Preta, and Stately Taurus, is a Chinese-aligned threat actor that has been associated with widespread attacks against various countries in the Asia-Pacific region. The group's malicious activities were first traced back to Mar |
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Iron Taurus Malware was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| BankInfoSecurity | 2 months ago | Active Chinese Cyberespionage Campaign Rifling Email Servers |
| Unit42 | 2 months ago | Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia |
| Securityaffairs | 10 months ago | Is Gelsemium APT behind an attack in Southeast Asian Govt? |
| Unit42 | 10 months ago | Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government |