Roaming Tiger - Threat Group Cards: A Threat Actor
Encyclopedia
Archived: 2026-04-05 18:07:20 UTC
Home > List all groups > Roaming Tiger
 APT group: Roaming Tiger
Names
Roaming Tiger (ESET)
Rotten Tomato (Sophos)
CTG-7273 (SecureWorks)
Bronze Woodland (SecureWorks)
Country China
Motivation Information theft and espionage
First seen 2014
Description
(Palo Alto) In late 2014, ESET presented an attack campaign that had been observed
over a period of time targeting Russia and other Russian speaking nations, dubbed
“Roaming Tiger”. The attack was found to heavily rely on RTF exploits and at the
time, thought to make use of the PlugX malware family.
Observed
Countries: Belarus, Kazakhstan, Kyrgyzstan, Russia, Tajikistan, Ukraine,
Uzbekistan.
Tools used BBSRAT, Gh0st RAT, PlugX.
Operations performed Aug 2015
Information Last change to this card: 10 August 2021
Download this actor card in PDF or JSON format
Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=ee5e9d82-26c3-4f35-bee4-457ab5e20119
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=ee5e9d82-26c3-4f35-bee4-457ab5e20119
Page 1 of 1