Softcell

Threat Actor Profile Updated 2 months ago
Softcell is a recognized threat actor, also known as GALLIUM, that has gained notoriety for its targeted cyber attacks on telecommunications companies operating in Southeast Asia, Europe, and Africa. This group's activities have been meticulously tracked and documented by cybersecurity professionals, highlighting their sophisticated tactics and aggressive strategies. The naming conventions used in the cybersecurity industry can often be confusing, with Softcell being an example of one entity having multiple aliases.

Recently, researchers from Palo Alto Networks Unit 42 observed Softcell, now linked to the China-based Alloy Taurus group, expanding its target range to Linux systems with a new variant of the PingPull backdoor. In the course of this investigation, the researchers discovered a previously unknown backdoor used by this threat actor, which they have since designated as Sword2033. This discovery underscores the evolving nature of Softcell's capabilities and the increasing complexity of its attack vectors.

It's important to note that there is another entity named Softcell Technologies Global, an award-winning System Integrator based in India. This company, which serves over 5000 customers nationwide and has been a partner for more than ten years, recently received the Harmony Partner Award. Despite sharing a name, this firm has no connection to the threat actor Softcell (GALLIUM). It is crucial to differentiate between these two entities to avoid any misunderstanding or miscommunication.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| GALLIUM | 2 | Gallium, also known as Alloy Taurus, is a China-aligned threat actor known for executing actions with malicious intent in the cyber domain. In recent years, Gallium has been associated with various significant cyber-espionage campaigns. The group targeted telecommunication entities in the Middle Eas |
| Alloy Taurus | 1 | Alloy Taurus, a threat actor group, has been identified as a significant cybersecurity concern due to its persistent attempts at cyberespionage, primarily targeting the government sector in Southeast Asia. The activity of this group was first observed in early 2022 and continued throughout 2023, dur |
| Sword2033 | 1 | Sword2033 is a new and previously undocumented backdoor tool used by the China-linked threat actor known as Alloy Taurus. This group, also referred to as GALLIUM or Softcell, has been actively targeting Linux systems with a variant of the PingPull backdoor, while also deploying Sword2033 in their op |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Linux
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| PingPull | Unspecified | 1 | PingPull is a malicious software (malware) developed by the Chinese nation-state group known as Alloy Taurus, also referred to as Gallium. The malware is designed to exploit and damage computer systems, with capabilities such as stealing personal information, disrupting operations, or holding data h |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Softcell Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| MITRE | a year ago | GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool |
| Securityaffairs | a year ago | Alloy Taurus APT uses a Linux variant of PingPull malware |
| CERT-EU | 10 months ago | Check Point highlights leading partners in APAC region |