G0093

G0093GALLIUM

Description

[GALLIUM](https://attack.mitre.org/groups/G0093) is a cyberespionage group that has been active since at least 2012, primarily targeting telecommunications companies, financial institutions, and government entities in Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia, and Vietnam. Security researchers have identified [GALLIUM](https://attack.mitre.org/groups/G0093) as a likely Chinese state-sponsored group, based in part on tools used and TTPs commonly associated with Chinese threat actors.(Citation: Cybereason Soft Cell June 2019)(Citation: Microsoft GALLIUM December 2019)(Citation: Unit 42 PingPull Jun 2022)

References

  1. https://attack.mitre.org/groups/G0093
  2. https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers
  3. https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/
  4. https://unit42.paloaltonetworks.com/pingpull-gallium/

Software attributed to this2

TypeTargetConfidenceTier
SoftwarePingPulls1031100%live
SoftwareBlackMoulds0564100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Group
Gallmaker
Group
Gelsemium
Group
BlackTech
Group
APT41
Group
HAFNIUM
Actor
GOLD GALLEON
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.