More than a year after Operation DRBControl, a campaign by a cyberespionage group that targets gambling and betting companies in Southeast Asia, we found evidence that the Iron Tiger threat actor is still interested in the gambling industry.
This blog details how Iron Tiger threat actors have updated their toolkit with an updated SysUpdate malware variant that now uses five files in its infection routine instead of the usual three. We also provide details on Iron Tiger’s possible connections to other threat actors based on similar tactics, techniques, and procedures (TTPs) we’ve observed. Finally, we describe some of the rootkits that Iron Tiger is using, one of which is used to hide files at the kernel level, and has not been previously reported as being used by this threat actor.
A Look at the Iron Tiger Threat Group
In 2019, Talent-Jump, Inc., a security service and system integration company, discovered several malware variants in a gambling company during an incident response operation and sought our help for further investigation and analysis.
Source: Trend Micro