Threat Actor Characterization
Gallium
ID: 8014955b9c7b4786655dde7ee3cff60549571
Cybercrime
State-Sponsored
Threat types: Intrusion, Espionage, Malware
Progress: 43%
Completeness: 40%
Freshness: 50%
Operation zone: Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, Philippines, Russia, Vietnam
Aliases
No aliases registered.
MITRE ATT&CK®
confidence: medium
GALLIUM is a cyberespionage group that has been active since at least 2012, primarily targeting telecommunications companies, financial institutions, and government entities in Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia, and Vietnam. This group is particularly known for launching Operation Soft Cell, a long-term campaign targeting telecommunications providers. Security researchers have identified GALLIUM as a likely Chinese state-sponsored group, based in part on tools used and TTPs commonly associated with Chinese threat actors. Ref: https://attack.mitre.org/groups/G0093/
| Technique | Technique name | Tactics | Evidence |
|---|---|---|---|
| T1003.001 | LSASS Memory | TA0006 | |
| T1003.002 | Security Account Manager | TA0006 | |
| T1027.002 | Software Packing | TA0005 | |
| T1027.005 | Indicator Removal from Tools | TA0005 | |
| T1036.003 | Rename Legitimate Utilities | TA0005 | |
| T1053.005 | Scheduled Task | TA0002 TA0003 TA0004 | |
| T1059.001 | PowerShell | TA0002 | |
| T1059.003 | Windows Command Shell | TA0002 | |
| T1074.001 | Local Data Staging | TA0009 | |
| T1090.002 | External Proxy | TA0011 | |
| T1136.002 | Domain Account | TA0003 | |
| T1505.003 | Web Shell | TA0003 | |
| T1550.002 | Pass the Hash | TA0005 TA0008 | |
| T1553.002 | Code Signing | TA0005 | |
| T1560.001 | Archive via Utility | TA0009 | |
| T1574.001 | DLL | TA0003 TA0004 TA0005 | |
| T1583.004 | Server | TA0042 | |
| T1588.002 | Tool | TA0042 | |
Executive brief
Hunting Playbook
IOC Appendix
OSINT Library