Softcell

Threat Actor updated 7 months ago (2024-05-05T12:17:33.240Z)
Softcell is a recognized threat actor, also known as GALLIUM, that has gained notoriety for its targeted cyber attacks on telecommunications companies operating in Southeast Asia, Europe, and Africa. This group's activities have been meticulously tracked and documented by cybersecurity professionals, highlighting their sophisticated tactics and aggressive strategies. The naming conventions used in the cybersecurity industry can often be confusing, with Softcell being an example of one entity having multiple aliases.

Recently, researchers from Palo Alto Networks Unit 42 observed Softcell, now linked to the China-based Alloy Taurus group, expanding its target range to Linux systems with a new variant of the PingPull backdoor. In the course of this investigation, the researchers discovered a previously unknown backdoor used by this threat actor, which they have since designated as Sword2033. This discovery underscores the evolving nature of Softcell's capabilities and the increasing complexity of its attack vectors.

It's important to note that there is another entity named Softcell Technologies Global, an award-winning System Integrator based in India. This company, which serves over 5000 customers nationwide and has been a partner for more than ten years, recently received the Harmony Partner Award. Despite sharing a name, this firm has no connection to the threat actor Softcell (GALLIUM). It is crucial to differentiate between these two entities to avoid any misunderstanding or miscommunication.
Description last updated: 2024-05-05T11:30:05.414Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias | Description | Votes
GALLIUM | GALLIUM is a possible alias for Softcell. Gallium, also known as Alloy Taurus, is a threat actor group that has been associated with significant cyber-espionage campaigns and is believed to have ties with China. The group has been linked to multiple intrusion sets targeting network devices, including routers and servers. Gallium notably tar | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Softcell Threat Actor was read from the documents corpus below.