Gelsemium

Malware updated a month ago (2024-08-01T14:48:57.908Z)
Gelsemium is malware: malicious software designed to infiltrate and damage computer systems. It can be introduced into a system through suspicious downloads, emails, or websites, often without the user's knowledge. Once it has gained access, Gelsemium can steal personal information, disrupt operations, or hold data hostage for ransom. Repeated reports suggest that the Gelsemium APT (Advanced Persistent Threat) group is behind targeted attacks on Southeast Asian governments. The group is known for its sophisticated attacks and has been linked to various cyber espionage campaigns; in these incidents the malware was likely used to extract sensitive information from government databases, causing significant disruption and potential security risks. Beyond Southeast Asian governments, Gelsemium has also been implicated in server-side exploits against organizations in Palestine, Tajikistan, and Kyrgyzstan; these attacks typically involve deploying a web shell and multiple custom tools. Gelsemium has also been associated with 'EarthWorm', an open-source SOCKS proxy tunneller available on GitHub that has been used by multiple China-linked APT groups, including 'Volt Typhoon', 'APT27', and Gelsemium itself.
Description last updated: 2024-08-01T13:37:44.713Z
Aliases: none currently tracked
Miscellaneous Associations (other elements of context that could aid in the identification of relevance): APT, Backdoor, Proxy, Government, Asia, IIS, Malware
Associated Malware
ID | Type | Votes | Profile Description
Stately Taurus | is related to | 2 | Stately Taurus is a sophisticated malware associated with a Chinese Advanced Persistent Threat (APT) group that conducts cyberespionage campaigns. This group has been observed targeting government entities, as well as religious and non-governmental organizations across Europe and Asia. The malware i
Associated Threat Actors
ID | Type | Votes | Profile Description
Alloy Taurus | is related to | 2 | Alloy Taurus, a threat actor group, has been identified as a significant cybersecurity concern due to its persistent attempts at cyberespionage, primarily targeting the government sector in Southeast Asia. The activity of this group was first observed in early 2022 and continued throughout 2023, dur
Source Document References
Information about the Gelsemium malware was read from the document corpus below. This display is limited to 20 results.
Source Link | Created At | Title
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign
Securityaffairs | 3 months ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading | 4 months ago | 'The Mask' Espionage Group Resurfaces After 10-Year Hiatus
Securelist | 4 months ago | APT trends report Q1 2024 – Securelist
Securityaffairs | 4 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 4 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 5 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 5 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs | 5 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs | 5 months ago | Security Affairs newsletter Round 464 by Pierluigi Paganini
Securityaffairs | 6 months ago | Security Affairs newsletter Round 463 by Pierluigi Paganini
Securityaffairs | 6 months ago | Security Affairs newsletter Round 462 by Pierluigi Paganini
Securityaffairs | 6 months ago | Security Affairs newsletter Round 461 by Pierluigi Paganini