Adversary

Viceroy Tiger

ORIGIN

India

Community Identifiers

Operation Hangover, Appin, APT-C-35, Donot

Viceroy Tiger is an adversary with a nexus to India that has historically targeted entities throughout multiple sectors.

Older activity targeted multiple sectors and countries; however, since 2015 this adversary appears to focus on entities in Pakistan with a particular focus on government and security organizations. This adversary consistently leverages spear phishing emails containing malicious Microsoft Office documents, malware designed to target the Android mobile platform, and phishing activity designed to harvest user credentials.

Recent Activity

In the first half of 2020, CrowdStrike Intelligence continued to observe activity from Viceroy Tiger. The activity continued to deploy its custom BackConfig malware via malicious Office documents, as well as its customer KnSpy malware for Android. In the latter half of the year, the adversary has incorporated additional exploitation techniques into its portfolio, including the use of remote template injection for greater stealth. Targeting is assessed to still have a primary focus on Pakistan with additional targeting throughout other parts of South Asia.

Targeted Nations

  • Flag Icon of the country Afghanistan

    Afghanistan

  • Flag Icon of the country Australia

    Australia

  • Flag Icon of the country Canada

    Canada

  • Flag Icon of the country China

    China

  • Flag Icon of the country India

    India

  • Flag Icon of the country Iran

    Iran

  • Flag Icon of the country Norway

    Norway

  • Flag Icon of the country Oman

    Oman

  • Flag Icon of the country Pakistan

    Pakistan

  • Flag Icon of the country Russian Federation

    Russian Federation

  • Flag Icon of the country Saudi Arabia

    Saudi Arabia

  • Flag Icon of the country Singapore

    Singapore

  • Flag Icon of the country Taiwan

    Taiwan

  • Flag Icon of the country Turkey

    Turkey

  • Flag Icon of the country United Arab Emirates

    United Arab Emirates

  • Flag Icon of the country United Kingdom

    United Kingdom

  • Flag Icon of the country United States

    United States

Target Industries

  • Aerospace
  • Dissident
  • Extractive
  • NGOs and Nonprofits
  • Government
  • Media
  • Technology

Artwork

Adversary: Viceroy Tiger - Threat Actor

Crowdstrike Viceroy Tiger

I have read and accept the terms and conditions

Download

Explore Next Adversary

Wicked Panda

All Adversaries 17

Explore Next Adversary

Terms and conditions

In order to download the adversary artwork, we kindly request you to accept our terms and conditions displayed below.

This image (“artwork”), is the intellectual property of CrowdStrike, Inc. and its affiliates and licensors (collectively, “us” or “we”) and may include other marks, trademarks, copyrighted materials, and other intellectual property (“assets”) that belong t o us, including, without limitation, CrowdStrike, the CrowdStrike logo, and CrowdStrike Falcon. We retain all right, title and interest in and to the artwork and all assets included therein. This artwork is offered to you as a convenience for your lawful a nd non-commercial use, solely as authorized by us, and subject to your compliance with these terms and conditions (“terms”) and any other guidelines or specifications that we may provide from time to time. We reserve the right to change these terms at any time without prior notice.

You should periodically check the latest information posted herein to be sure that you are in compliance. By downloading the artwork, you attest that you are at least 18 years of age and agree to the following terms, which const itute the sole and entire agreement between you and us with respect to the artwork. We reserve all rights not expressly granted to you herein. You may not use or display the artwork in any way: (i) that violates the rights of any person or entity or that may give rise to civil or criminal liability under laws or regulations applicable to you, another user, and/or CrowdStrike; (ii) that is defamatory, obscene, indecent, abusive, harassing, violent, hateful, inflammatory or otherwise objectionable; (iii) tha t is false, deceptive, misleading or fraudulent, including but not limited to: (a) any attempt to impersonate any person or entity, including any other user, CrowdStrike or a CrowdStrike employee; (b) any attempt to misrepresent your identity or affiliation with any person or organization; or (iv) for the purposes of recruiting, advertising, solicitation or commercial activities of any kind without our express written consent.

THE ARTWORK IS PROVIDED TO YOU BY CROWDSTRIKE ON AN “AS IS” AND “AS AVAILABLE” BA SIS, WITHOUT ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. EXCEPT TO THE EXTENT THAT A DISCLAIMER OF LIABILITY IS PROHIBITED UNDER APPLICABLE LAW, IN NO EVENT WILL CROWDSTRIKE, ITS AFFILIATES AND ITS LICENSORS, EMPLOYEES, AGENTS, OFFICERS AND DIRE CTORS BE LIABLE FOR DAMAGES OF ANY KIND, UNDER ANY LEGAL THEORY, ARISING OUT OF OR IN CONNECTION WITH YOUR USE, OR INABILITY TO USE, THE ARTWORK.