Iron Taurus

Malware updated 3 months ago (2024-05-23T15:17:35.802Z)
Iron Taurus, also known as APT27, is a malware that has been linked to various cyber-espionage activities. This malicious software is designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. Iron Taurus is associated with Chinese nation-state threat actors and has been identified as part of a shared Chinese APT operational infrastructure, used in conjunction with other malware such as Starchy Taurus (aka Winnti) and Stately Taurus (aka Mustang Panda).

One notable operation involving Iron Taurus was Operation Iron Tiger, which was carried out in 2015. This operation was attributed to Iron Taurus according to reports by ERAI and Malpedia. During this operation, the malware was reportedly used to exploit vulnerabilities and gain unauthorized access to targeted systems. This shows the malware's capability to be utilized in large-scale, coordinated cyber attacks.

The use of AspxSpy web shells was a significant aspect of Iron Taurus's methodology in Operation Iron Tiger. These web shells, which provide a hacker with remote control over a compromised system, were employed effectively by Iron Taurus. Experts have noted similarities between the AspxSpy web shells used by Iron Taurus and those employed by another malware, Gelsemium, indicating possible shared tactics or collaboration between different threat actors.
Description last updated: 2024-05-23T15:16:26.748Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Iron Tiger | 3 | Iron Tiger, also known as Iron Taurus or APT27, is a threat actor group known for executing malicious actions with the intent of espionage. The group became prominent after its involvement in Operation Iron Tiger, which was reported in 2015. This operation was a series of Chinese cyber-espionage att
APT27 | 2 | APT27, also known as Iron Taurus, is a threat actor group suspected to be attributed to China. Engaging in cyber operations with the primary goal of intellectual property theft, APT27 targets organizations globally, with a focus on North and South America, Europe, and the Middle East. The group's mo
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Associated Malware
ID | Type | Votes | Profile Description
Stately Taurus | Unspecified | 2 | Stately Taurus is a sophisticated malware associated with a Chinese Advanced Persistent Threat (APT) group that conducts cyberespionage campaigns. This group has been observed targeting government entities, as well as religious and non-governmental organizations across Europe and Asia. The malware i
ASPXSpy | Unspecified | 2 | ASPXSpy is a type of malware, specifically a web shell, that has been used by various threat actors to exploit and damage computer systems. The earliest deployment attempts date back to 2022 when this malicious software was deployed to multiple hosted websites. It's typically installed on vulnerable
Associated Threat Actors
ID | Type | Votes | Profile Description
Mustang Panda | Unspecified | 2 | Mustang Panda, also known as Bronze President, Nomad Panda, Naikon, Earth Preta, and Stately Taurus, is a Chinese-aligned threat actor that has been associated with widespread attacks against various countries in the Asia-Pacific region. The group's malicious activities were first traced back to Mar
Source Document References
Information about the Iron Taurus Malware was read from the documents corpus below.
Source Link | CreatedAt | Title
BankInfoSecurity | 3 months ago | Active Chinese Cyberespionage Campaign Rifling Email Servers
Unit42 | 3 months ago | Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia
Securityaffairs | a year ago | Is Gelsemium APT behind an attack in Southeast Asian Govt?
Unit42 | a year ago | Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government