Security experts at Trend Micro have uncovered a new targeted attack campaign dubbed Operation Iron Tiger. Threat actors behind the Operation Iron Tiger have stolen trillions of data from defense contractors in the US. Stolen data include intellectual property, including emails and strategic planning documents and many other highly confidential information that could be used by attackers to destabilize an organization.
The experts speculate that the Iron Tiger Operation was carried out by the China-based group dubbed “Emissary Panda.”
“Operation Iron Tiger is a targeted attack campaign discovered to have stolen trillions of data from defense contractors in the US, including stolen emails, intellectual property, strategic planning documents—data and records that could be used to destabilize an organization.” states a blog post published by Trend Micro.
In August 2015, researchers at Dell discovered that the Panda Emissary group used Watering hole attacks as the attack vector, they compromised websites popular with a target organization’s personnel.
The Panda Emissary (also known as TG-3390) targeted high-profile governments and organisations searching for defence aerospace projects.
The group is active at least since 2010 targeting organization in APAC, but since 2013 it is attacking high-technology targets in the US.
The experts consider the Panda Emissary a “highly competent and sophisticated group“, Trend Micro revealed to have seen them steal up to 58 GB worth of data from a single target.
“The Iron Tiger actors can be skilled computer security experts but sparingly used advanced techniques, given their weakly protected target networks. They do not follow a specific schedule when it came to launching attacks. Instead, they prioritize attacks based on a list of chosen targets.” states the experts.
The attackers used spear-phishing emails to carry on the attacks, the experts at Trend Micro analyzed in detail the accounts used by the hackers and the composition of the email messages (i.e. subject, language, message).
Trend Micro published a detailed report on the Operation Iron Tiger, the investigation allowed the experts to analyze the TTPs (Tactics, Techniques and Procedures of the threat actor.
Below the key findings of the report:
Enjoy the full research paper entitled “Operation Iron Tiger: Exploring Chinese Cyber Espionage Attacks on US Defense Contractors.”
(Security Affairs – Operation Iron Tiger, cyber espionage)