🇨🇳
Gelsemium
APT Group
Information theft and espionage
1 zero-day CVE
ETDA ✓
Also Known As
No alias recorded
Target Countries 39
United Arab Emirates
Argentina
Brunei Darussalam
China
Djibouti
Egypt
United Kingdom
Equatorial Guinea
Hong Kong
Indonesia
Israel
Iraq
Islamic Republic of Iran
Jordan
Japan
Kenya
Democratic People's Republic of Korea
Republic of Korea
Kuwait
Lao People's Democratic Republic
Lebanon
Sri Lanka
Mongolia
Malaysia
Nigeria
Oman
Philippines
Pakistan
Russian Federation
Saudi Arabia
Singapore
Syrian Arab Republic
Swaziland
Thailand
Turkey
Taiwan, Province of China
United States
Vietnam
Yemen
Sectors Targeted
Religious organization
Public Administration (NAICS 92)
Gaming
Grantmaking and Giving Services (NAICS 8132)
Electronics Manufacturers
Arts, Entertainment, and Recreation (NAICS 71)
Educational Services (NAICS 61)
NAICS:813
Computer Systems Design Services (NAICS 541512)
Government
religious organizations
Universities
High-Tech
Computer and Electronic Product Manufacturing (NAICS 334)
Information (NAICS 51)
NAICS:31
NGOs
Education
Details
Origin
🇨🇳 CN
Last Updated
01 Jun 2022
MITRE ATT&CK 34
T1014 - Rootkit
T1021 - Remote Services
T1027 - Obfuscated Files or Information
T1036 - Masquerading
T1037 - Boot or Logon Initialization Scripts
T1041 - Exfiltration Over C2 Channel
T1055 - Process Injection
T1056 - Input Capture
T1059 - Command and Scripting Interpreter
T1059.001
T1070 - Indicator Removal on Host
T1071.001
T1078 - Valid Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1090
T1102 - Web Service
T1105 - Ingress Tool Transfer
T1112 - Modify Registry
T1222 - File and Directory Permissions Modification
T1505 - Server Software Component
T1543 - Create or Modify System Process
T1546 - Event Triggered Execution
T1547 - Boot or Logon Autostart Execution
T1548 - Abuse Elevation Control Mechanism
T1562 - Impair Defenses
T1564 - Hide Artifacts
T1566 - Phishing
T1566.001
T1571 - Non-Standard Port
T1573 - Encrypted Channel
T1574 - Hijack Execution Flow
T1583 - Acquire Infrastructure
T1587 - Develop Capabilities