PittyTiger, Pitty Panda

Description

(Airbus) Pitty Tiger is a group of attackers that have been active since at least 2011. They have targeted private companies in several sectors, such as defense and telecommunications, but also at least one government.

We have been able to track down this group of attackers and can provide detailed information about them. We were able to collect and reveal their “malware arsenal”. We also analyzed their technical organization.

Our investigations indicate that Pitty Tiger has not used any 0day vulnerability so far; rather, they prefer using custom malware, developed for the group’s exclusive usage. Our discoveries indicate that Pitty Tiger is a group of attackers with the ability to stay under the radar, yet still not as mature as other groups of attackers we monitor.

Pitty Tiger is probably not a state-sponsored group of attackers. They lack the experience and financial support that one would expect from state-sponsored attackers. We suppose this group is opportunistic and sells its services to probable competitors of their targets in the private sector.

We have been able to leverage several attackers' profiles, showing that the Pitty Tiger group is fairly small compared to other APT groups, which is probably why we saw them work on a very limited amount of targets.

There is some overlap with APT 5, Keyhole Panda.

Names

Name          Name-Giver
PittyTiger    FireEye
Pitty Panda   CrowdStrike

Country

Motivation

  • Information theft and espionage

First Seen

2011

Observed Sectors

Observed Countries

Tools

Operations

Mitre Attack

Other Information

Uuid

26627515-afdb-421b-b59e-3a5300210001

Last Card Change

2021-12-26