Also referred to as APT27, Bronze Union, Emissary Panda, Lucky Mouse, and TG-3390 (Threat Group 3390), Iron Tiger has been active since at least 2010, targeting hundreds of organizations worldwide for cyberespionage purposes.

As part of recent attacks, the advanced persistent threat (APT) group abused the compromised servers of MiMi – an instant messaging application available on Windows, macOS, Android, and iOS – for malware delivery. The desktop version of MiMi is built using the cross-platform framework ElectronJS.