Granite Typhoon

Malware updated a month ago (2024-10-15T14:01:01.872Z)

Download STIX

Preview STIX

Granite Typhoon is a malware attributed to China-based cyber actors, specifically the groups Raspberry Typhoon, Flax Typhoon, and Granite Typhoon. These entities have been known to target IT, military, and government interests around the South China Sea. The malicious software can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it has the potential to steal personal information, disrupt operations, or hold data for ransom. In 2023, the group was linked with attacks on telecommunications firms in an operation dubbed "Tainted Love" by SentinelOne. Microsoft has also associated the group with Granite Typhoon, previously known as Gallium. The attacks targeted various governmental entities including critical infrastructure, public healthcare institutions, public financial administrators, and ministries. The attribution of these attacks has been moderately confident to three separate clusters tracked as Stately Taurus (also known as Mustang Panda), Alloy Taurus (also known as Granite Typhoon), and Gelsemium. Microsoft tracks the malware under the name Granite Typhoon. The naming convention for these threat actors seems random, resulting in impressively named threats like Ghost Blizzard, Ruby Sleet, and Granite Typhoon.

Description last updated: 2024-10-15T13:16:11.438Z

What's your take? (Question 1 of 0)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
GALLIUM is a possible alias for Granite Typhoon. Gallium, also known as Alloy Taurus, is a threat actor group that has been associated with significant cyber-espionage campaigns and is believed to have ties with China. The group has been linked to multiple intrusion sets targeting network devices, including routers and servers. Gallium notably tar	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Granite Typhoon Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
InfoSecurity-magazine	a month ago	Microsoft: Nation-States Team Up with Cybercriminals for Attacks
DARKReading	9 months ago	China-Linked Cyber Spies Blend Watering Hole, Supply Chain Attacks
CERT-EU	2 years ago	This Week In Security: Spandex Tempest, Supply Chain Chain, And NTP
CERT-EU	a year ago	New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
CERT-EU	2 years ago	Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks