Stealthy Gelsemium cyberspies linked to NoxPlayer supply-chain attack (Security News, June 2021)

ESET researchers have linked a stealthy cyberespionage group known as Gelsemium to the NoxPlayer Android emulator supply-chain attack that targeted gamers earlier this year.
Two years later, in 2016, new Gelsemium indicators of compromise showed up in a Verint Systems presentation at HITCON. In 2018, VenusTech published malware samples from an unknown APT group linked to Operation TooHash, which ESET later identified as early versions of Gelsemium malware.
ESET researchers believe that Gelsemium is the APT group behind the supply-chain attack (which ESET tracks as Operation NightScout) that compromised the update mechanism of the NoxPlayer Android emulator for Windows and macOS and used it to infect gamers' systems between September 2020 and January 2021.
The choice of target on its own makes the NoxPlayer attack stand out, since few threat actors go after the gaming community.
"The investigation uncovered some overlap between this supply-chain attack and the Gelsemium group. Victims originally compromised by that supply-chain attack were later being compromised by Gelsemine," ESET's white paper reads.
"Unfortunately, we did not observe links as strong as one campaign dropping or downloading a payload that belongs to the other campaign, but we conclude, with medium confidence, that Operation NightScout is related to the Gelsemium group."
Related news
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack
- IPany VPN breached in supply-chain attack to push custom malware
- Supply chain attack hits Chrome extensions, could expose millions
- Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant'
- North Korea targets crypto developers via NPM supply chain attack
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
- China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access