HOMETHREATSRAZOR TIGER
APT / THREAT GROUP

RAZOR TIGER

🇮🇳India-attributed
1
campaigns
5
aliases
Last seen:Mar 17, 2026

Intelligence Profile

An actor mainly targeting Pakistan military targets, active since at least 2012. We have low confidence that this malware might be authored by an Indian company. To spread the malware, they use unique implementations to leverage the exploits of known vulnerabilities (such as CVE-2017-11882) and later deploy a Powershell payload in the final stages.

Threat Analysis

RAZOR TIGER is a known-sophistication threat actor attributed to India, engaged in cyber operations with a primary motivation of unknown activity patterns.

Known Campaigns

RAZOR TIGER — Active Operations March 2026

RAZOR TIGER is a unknown-motivation threat actor attributed to IN. An actor mainly targeting Pakistan military targets, active since at least 2012. We have low confidence that this malware might be authored by an Indian company. To spread the malware, they use unique implementations to leverage the exploits of known vulnerabilities (such as CVE-...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Origin🇮🇳 India
Aliases5
SourceMalpedia

Also Known As

APT-C-17RAZOR TIGERSideWinderRattlesnakeT-APT-04

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.