Operation PZCHAO IronTiger

Operation PZCHAO Linked to APT Group IronTiger

Target: Asia and US Agencies

Attack Vector: Phishing Emails

Threat Actor: APT Group Iron Tiger

Summary: A new custom-built malware family has been observed since July 2017 and may signal the return of the Chinese APT group known as Iron Tiger. Dubbed Operation PZCHAO, it has targeted institutions in the technology, education and telecommunications sectors as well as government departments. This targeting, together with the tactics recently observed, shares similarities with previous campaigns linked to Iron Tiger and makes it likely that the group is behind the PZCHAO malware.

Risk assessment summary: The threat from PZCHAO is currently assessed as 3d Moderate. A distinctive feature of the malware is that it contains several attack vectors and functions, which could be combined to create increasingly effective attacks. Its recent targeting of victims across multiple sectors may indicate that Iron Tiger now poses a threat to a broad spectrum of organizations beyond its previous modus operandi.

Although the group has operated predominantly in the Asia region and against US government contractors, recently increased tensions relating to the South China Sea territorial dispute may lead these actors to spread their activity beyond their traditional geographic areas in order to target other Western interests. Organizations and system users should therefore remain vigilant for the associated IOCs.

However, it should be noted that the infection methodology is not sophisticated and can be guarded against using routine security precautions, which is why this particular APT threat is rated as moderate.

