Iron Taurus

Malware updated 6 months ago (2024-05-23T15:17:35.802Z)
Iron Taurus, also known as APT27, is a malware that has been linked to various cyber-espionage activities. This malicious software is designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. Iron Taurus is associated with Chinese nation-state threat actors and has been identified as part of a shared Chinese APT operational infrastructure, used in conjunction with other malware such as Starchy Taurus (aka Winnti) and Stately Taurus (aka Mustang Panda).

One notable operation involving Iron Taurus was Operation Iron Tiger, which was carried out in 2015. This operation was attributed to Iron Taurus according to reports by ERAI and Malpedia. During this operation, the malware was reportedly used to exploit vulnerabilities and gain unauthorized access to targeted systems. This shows that the malware can be used in large-scale, coordinated cyber attacks.

The use of AspxSpy web shells was a significant aspect of Iron Taurus's methodology in Operation Iron Tiger. These web shells, which give an attacker remote control over a compromised system, were employed effectively by Iron Taurus. Experts have noted similarities between the AspxSpy web shells used by Iron Taurus and those employed by another malware, Gelsemium, indicating possible shared tactics or collaboration between different threat actors.
Description last updated: 2024-05-23T15:16:26.748Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Iron Tiger is a possible alias for Iron Taurus. Iron Tiger, also known as Iron Taurus or APT27, is a threat actor group believed to be aligned with China. The group has been involved in numerous cyber-espionage campaigns, targeting various entities including United States defense contractors and other international organizations. Their activities | 3
APT27 is a possible alias for Iron Taurus. APT27, also known as Emissary Panda or Iron Taurus, is a threat actor suspected to be associated with China and has been involved in cyber operations primarily aimed at intellectual property theft. The group targets organizations globally, including those in North and South America, Europe, and the | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Associated Malware
Alias Description | Association Type | Votes
The Stately Taurus Malware is associated with Iron Taurus. Stately Taurus, also known as Mustang Panda, Bronze President, Camaro Dragon, Earth Preta, Luminous Moth, and Red Delta, is a sophisticated malware that has been used in cyber-espionage campaigns primarily targeting government entities in Southeast Asia. It is believed to be associated with China's | Unspecified | 2
The ASPXSpy Malware is associated with Iron Taurus. ASPXSpy is a type of malware, specifically a web shell, that has been used by various threat actors to exploit and damage computer systems. The earliest deployment attempts date back to 2022 when this malicious software was deployed to multiple hosted websites. It's typically installed on vulnerable | Unspecified | 2
Associated Threat Actors
Alias Description | Association Type | Votes
The Mustang Panda Threat Actor is associated with Iron Taurus. Mustang Panda, a China-aligned Advanced Persistent Threat (APT) group, has been identified as a significant cyber threat actor involved in a series of malicious activities. Notably, Mustang Panda was found to be associated with the BRONZE PRESIDENT phishing lure, which delivered PlugX and used modif | Unspecified | 2