Iron Tiger APT Updates Toolkit with Evolved SysUpdate Malware
released on 2021-04-09 @ 05:52:41 PM
More than a year after Operation DRBControl, a campaign by a cyberespionage group that targets gambling and betting companies in Southeast Asia, Trend Micro found evidence that the Iron Tiger threat actor (LuckyMouse, EmissaryPanda, APT27, Earth Smilodon) is still interested in the gambling industry. This blog details how Iron Tiger threat actors have updated their toolkit with an evolved SysUpdate malware variant that now uses five files in its infection routine instead of the usual three. Trend Micro also provides details on Iron Tiger’s possible connections to other threat actors, based on the similar tactics, techniques, and procedures (TTPs) observed.