CN · G0093

GALLIUM

Also known as: Red Dev 4 · Alloy Taurus · Granite Typhoon · PHANTOM PANDA · GALLIUM

Origin: CN
Known aliases: 5

Profile

GALLIUM is a threat actor believed to be targeting telecommunication providers around the world, mostly in South-East Asia, Europe and Africa. To compromise targeted networks, GALLIUM targets unpatched internet-facing services using publicly available exploits and has been known to target vulnerabilities in WildFly/JBoss.

Aliases · 5

Red Dev 4 · Alloy Taurus · Granite Typhoon · PHANTOM PANDA · GALLIUM

MITRE ATT&CK Group crosswalk

G0093

References

  1. https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/
  2. https://www.youtube.com/watch?v=fBFm2fiEPTg
  3. https://troopers.de/troopers22/talks/7cv8pz/
  4. https://unit42.paloaltonetworks.com/atoms/alloytaurus/
  5. https://unit42.paloaltonetworks.com/alloy-taurus-targets-se-asian-government/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: GOLD GALLEON
Actor: Gallmaker
Actor: HAFNIUM
Actor: MUSTANG PANDA
Actor: GoldenJackal
Actor: PLATINUM

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.