🇨🇳

Iron Group

APT Group Information theft and espionage 20 zero-day CVEs ETDA ✓

Also Known As 1 names

Iron Cyber Group

Target Countries

No target country recorded

Sectors Targeted

No targeted sector recorded

Details

Origin 🇨🇳 CN

Last Updated 01 Jun 2022

Malware Families 7

pro_ocean

hyperssl

unidentified_080

kerberods

twoface

polpo

Xbash

MITRE ATT&CK 57

T1014 T1018 T1021 T1021.004 T1027 T1027.002 T1027.004 T1036 - Masquerading T1036.005 T1037 T1046 T1053 T1053.003 T1055 - Process Injection T1055.002 T1057 - Process Discovery T1059 - Command and Scripting Interpreter T1059.004 T1059.006 T1070 T1070.002 T1070.004 T1070.006 T1071 T1071.001 T1078 T1082 T1102 T1102.001 T1105 T1134 - Access Token Manipulation T1140 T1190 - Exploit Public-Facing Application T1213 T1222 T1222.002 T1496 T1496.001 T1505 - Server Software Component T1518 T1518.001 T1530 - Data from Cloud Storage Object T1543 T1543.002 T1547 T1547.001 T1552 T1552.004 T1562 T1562.001 T1562.004 T1564 T1564.001 T1566.001 T1571 T1574 T1574.006

Related Zero-Days 20

CVE-2019-19781 CVE-2021-26855 CVE-2021-40449 CVE-2022-42475 CVE-2023-23397 CVE-2023-38831 CVE-2023-46805 CVE-2023-6549 CVE-2024-12356 CVE-2024-21887 CVE-2024-21893 CVE-2024-24919 CVE-2024-3400 CVE-2024-50623 CVE-2025-14847 CVE-2025-2783 CVE-2025-53770 CVE-2025-53771 CVE-2025-55182 CVE-2025-59287

Iron Group

Also Known As 1 names

Target Countries

Sectors Targeted

Details

Malware Families 7

MITRE ATT&CK 57

Related Zero-Days 20

Known Names 4 entries

Description

Tools Used 6

Operations 8

Reports & References 1

ETDA Profile

MITRE ATT&CK Groups