Playful Taurus: a Chinese APT  active against Iran.
N2K logoJan 18, 2023

APT15, Vixen Panda, or Playful Taurus, it's the same unwelcome guest.

Playful Taurus: a Chinese APT active against Iran.

Palo Alto Networks’ Unit 42 has published a report describing “Playful Taurus” (also known as APT15 or Vixen Panda), a Chinese threat actor known for carrying out cyberespionage campaigns against government and diplomatic entities around the world.

Chinese cyberespionage in Iran.

In this case, Playful Taurus is targeting government entities in Iran with a new version of its Turian malware. The threat actor appears to have compromised the networks of at least four Iranian government organizations, including Iran’s Ministry of Foreign Affairs. The new version of the threat actor’s malware includes “some additional obfuscation and a modified network protocol.”

The researchers conclude, “Playful Taurus continues to evolve their tactics and their tooling. Recent upgrades to the Turian backdoor and new C2 infrastructure suggest that these actors continue to see success during their cyber espionage campaigns. Our analysis of the samples and connections to the malicious infrastructure suggest that Iranian government networks have likely been compromised. At the same time, we would also caution that Playful Taurus routinely deploys the same tactics and techniques against other government and diplomatic entities across North and South America, Africa and the Middle East.”