Granite Typhoon

Malware updated 4 months ago (2024-05-04T17:57:28.473Z)
Granite Typhoon is a notable malware that has been implicated in several cyber-attacks on various organizations and entities. The malware, which operates by infiltrating systems through suspicious downloads, emails, or websites, has been linked to attacks on telecommunications firms in 2023, an operation dubbed "Operation Tainted Love" by SentinelOne. These attacks were associated with the attribution group Granite Typhoon, formerly known as Gallium, according to Microsoft. The malware was not only involved in Operation Tainted Love but also targeted a variety of governmental entities such as critical infrastructure, public healthcare institutions, public financial administrators, and ministries. These attacks have been attributed with moderate confidence to three disparate clusters tracked as Stately Taurus (also known as Mustang Panda), Alloy Taurus (also known as Granite Typhoon), and Gelsemium. Granite Typhoon was previously tracked by Microsoft under the name Gallium. The naming convention for these threats, including Granite Typhoon, appears to be random, leading to some impressively named threats like Ghost Blizzard, Ruby Sleet, and others. Despite their seemingly random names, these malicious programs pose significant threats to digital security, highlighting the need for robust cyber defense measures.
Description last updated: 2024-03-07T13:15:50.492Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
GALLIUM | 2 | Gallium, also known as Alloy Taurus, is a China-aligned threat actor known for executing actions with malicious intent in the cyber domain. In recent years, Gallium has been associated with various significant cyber-espionage campaigns. The group targeted telecommunication entities in the Middle Eas
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Granite Typhoon Malware was read from the documents corpus below.
Source Link | Created At | Title
DARKReading | 6 months ago | China-Linked Cyber Spies Blend Watering Hole, Supply Chain Attacks
CERT-EU | a year ago | This Week In Security: Spandex Tempest, Supply Chain Chain, And NTP
CERT-EU | a year ago | New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
CERT-EU | a year ago | Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks