G0141 Gelsemium
Gelsemium is a cyberespionage group that has been active since at least 2014, targeting governmental institutions, electronics manufacturers, universities, and religious organizations in Eastern Asia and the Middle East.[1]
Item | Value |
---|---|
ID | G0141 |
Associated Names | |
Version | 1.0 |
Created | 30 November 2021 |
Last Modified | 02 December 2021 |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
enterprise | T1583 | Acquire Infrastructure | - |
enterprise | T1583.004 | Server | Gelsemium has established infrastructure through renting servers at multiple providers worldwide.[1] |
enterprise | T1568 | Dynamic Resolution | Gelsemium has used dynamic DNS in its C2 infrastructure.[1] |
enterprise | T1195 | Supply Chain Compromise | - |
enterprise | T1195.002 | Compromise Software Supply Chain | Gelsemium has compromised software supply chains to gain access to victims.[1] |