Operation Hangover, Appin, APT-C-35, Donot
Viceroy Tiger is an adversary with a nexus to India that has historically targeted entities throughout multiple sectors.
Older activity targeted multiple sectors and countries; however, since 2015 this adversary appears to focus on entities in Pakistan, particularly government and security organizations. This adversary consistently leverages spear phishing emails containing malicious Microsoft Office documents, malware designed to target the Android mobile platform, and phishing activity designed to harvest user credentials.
In the first half of 2020, CrowdStrike Intelligence continued to observe activity from Viceroy Tiger. The adversary continued to deploy its custom BackConfig malware via malicious Office documents, as well as its custom KnSpy malware for Android. In the latter half of the year, the adversary incorporated additional exploitation techniques into its portfolio, including the use of remote template injection for greater stealth. Targeting is assessed to still have a primary focus on Pakistan, with additional targeting throughout other parts of South Asia.
United Arab Emirates
- NGOs and Nonprofits