Gelsemium

Malware Profile Updated 2 days ago
Gelsemium is a sophisticated malware family designed to exploit and damage computer systems after infiltrating them through suspicious downloads, emails, or websites. It is capable of stealing personal information, disrupting operations, and holding data hostage for ransom. The Gelsemium group is known for server-side exploitation that results in a webshell, followed by the deployment of various custom and public tools using stealth techniques and technologies.

The Gelsemium Advanced Persistent Threat (APT) has been suspected on several occasions of being behind targeted attacks on government institutions in Southeast Asia. While these allegations recur, specific details about when the attacks took place or the extent of their impact remain unclear. Gelsemium has also been linked to other threat groups that used similar server-side exploits to deploy webshells and multiple custom tools against organizations in Palestine, Tajikistan, and Kyrgyzstan.

Key highlights involving Gelsemium this quarter include Kimsuky's use of the Golang-based backdoor Durian in a supply-chain attack in South Korea. Beyond Asia, there have also been campaigns focused on the Middle East, involving not only APTs such as Gelsemium but also hacktivist attacks. The consistent appearance of Gelsemium in these cyber-attacks underscores its pervasive threat and the need for robust cybersecurity measures.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at. Each entry lists the profile ID, its vote count, and the profile description.

Taurus (3 votes): Taurus is a malicious software (malware) that has been associated with multiple cyber threat actors, notably Stately Taurus, Iron Taurus, and Starchy Taurus, all of which have connections to Chinese Advanced Persistent Threats (APTs). The malware is designed to infiltrate systems and steal personal

Stately Taurus (2 votes): Stately Taurus, also known as Mustang Panda, Bronze President, Red Delta, LuminousMoth, Earth Preta, and Camaro Dragon, is a malicious software (malware) that has been active since at least 2012. It is associated with a Chinese Advanced Persistent Threat (APT) group and is believed to have originate

Alloy Taurus (2 votes): Alloy Taurus, a threat actor group, has been identified as a significant cybersecurity concern due to its persistent attempts at cyberespionage, primarily targeting the government sector in Southeast Asia. The activity of this group was first observed in early 2022 and continued throughout 2023, dur
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
APT
Backdoor
Asia
IIS
Malware
Proxy
Government
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Gelsemium malware was read from the document corpus below. This display is limited to 20 results. Each entry lists the source, when it was created, and the document title.

Unit42 (8 months ago): Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government
CERT-EU (8 months ago): Evasive Gelsemium hackers spotted in attack against Asian govt
Unit42 (8 months ago): Unit 42 Researchers Discover Multiple Espionage Operations Targeting Southeast Asian Government
Securityaffairs (8 months ago): Is Gelsemium APT behind an attack in Southeast Asian Govt?
CERT-EU (8 months ago): Stealthy APT Gelsemium Seen Targeting Southeast Asian Government
CERT-EU (8 months ago): Stealthy APT Gelsemium Seen Targeting Southeast Asian Government | Antivirus and Security news
CERT-EU (a year ago): Matthieu Faou | WeLiveSecurity
CERT-EU (8 months ago): New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
Securityaffairs (2 months ago): Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs (6 months ago): Security Affairs newsletter Round 447 by Pierluigi Paganini
Securityaffairs (3 months ago): Security Affairs newsletter Round 461 by Pierluigi Paganini
Securityaffairs (2 months ago): Security Affairs newsletter Round 466 by Pierluigi Paganini
CERT-EU (7 months ago): Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected
Securityaffairs (5 months ago): Security Affairs newsletter Round 452 by Pierluigi Paganini
Securityaffairs (4 months ago): Security Affairs newsletter Round 456 by Pierluigi Paganini
Securityaffairs (23 days ago): Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
CERT-EU (5 months ago): Security Affairs newsletter Round 452 by Pierluigi Paganini | #ransomware | #cybercrime | National Cyber Security Consulting
Securityaffairs (6 months ago): Security Affairs newsletter Round 449 by Pierluigi Paganini
Securityaffairs (6 months ago): Security Affairs newsletter Round 446 by Pierluigi Paganini
Securityaffairs (2 months ago): Security Affairs newsletter Round 463 by Pierluigi Paganini