ETDA ThaiCERT
Report
Search
Home > List all groups > Roaming Tiger

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Roaming Tiger

NamesRoaming Tiger (ESET)
CountryChina China
MotivationInformation theft and espionage
First seen2014
Description(Palo Alto) In late 2014, ESET presented an attack campaign that had been observed over a period of time targeting Russia and other Russian speaking nations, dubbed “Roaming Tiger”. The attack was found to heavily rely on RTF exploits and at the time, thought to make use of the PlugX malware family.
ObservedCountries: Belarus, Kazakhstan, Kyrgyzstan, Russia, Tajikistan, Ukraine, Uzbekistan.
Tools usedBBSRAT, Gh0st RAT, PlugX.
Operations performedAug 2015<https://unit42.paloaltonetworks.com/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/>
Information<http://2014.zeronights.org/assets/files/slides/roaming_tiger_zeronights_2014.pdf>

Last change to this card: 14 April 2020

Download this actor card in PDF or JSON format

Previous: RevengeHotels
Next: Rocket Kitten, Newscaster, NewsBeef

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key