Adversary
Viceroy Tiger
ORIGIN
India
Community Identifiers
Operation Hangover, Appin, APT-C-35, Donot
Viceroy Tiger is an adversary with a nexus to India that has historically targeted entities throughout multiple sectors.
Older activity targeted multiple sectors and countries; however, since 2015 this adversary appears to focus on entities in Pakistan with a particular focus on government and security organizations. This adversary consistently leverages spear phishing emails containing malicious Microsoft Office documents, malware designed to target the Android mobile platform, and phishing activity designed to harvest user credentials.
Recent Activity
In the first half of 2020, CrowdStrike Intelligence continued to observe activity from Viceroy Tiger. The activity continued to deploy its custom BackConfig malware via malicious Office documents, as well as its customer KnSpy malware for Android. In the latter half of the year, the adversary has incorporated additional exploitation techniques into its portfolio, including the use of remote template injection for greater stealth. Targeting is assessed to still have a primary focus on Pakistan with additional targeting throughout other parts of South Asia.
Targeted Nations
Afghanistan
Australia
Canada
China
India
Iran
Norway
Oman
Pakistan
Russian Federation
Saudi Arabia
Singapore
Taiwan
Turkey
United Arab Emirates
United Kingdom
United States
Target Industries
- Aerospace
- Dissident
- Extractive
- NGOs and Nonprofits
- Government
- Media
- Technology
Artwork

Crowdstrike Viceroy Tiger
I have read and accept the terms and conditions