Stealthy Gelsemium cyberspies linked to NoxPlayer supply-chain attack
ESET researchers have linked a stealthy cyberespionage group known as Gelsemium to the NoxPlayer Android emulator supply-chain attack that targeted gamers earlier this year.
Two years later, in 2016, new Gelsemium indicators of compromise showed up in a Verint Systems presentation at HITCON. In 2018, VenusTech unveiled an unknown APT group's malware samples linked to Operation TooHash, which ESET later discovered were early versions of Gelsemium malware.
ESET researchers believe that Gelsemium is the APT group that coordinated the supply-chain attack that compromised and abused the update process of the NoxPlayer Android emulator for Windows and macOS to infect gamers' systems between September 2020 and January 2021.
This, in itself, makes Gelsemium's attack on NoxPlayer stand out, since not many threat actors target the gaming community.
"The investigation uncovered some overlap between this supply-chain attack and the Gelsemium group. Victims originally compromised by that supply-chain attack were later being compromised by Gelsemine," ESET's white paper reads.
"Unfortunately, we did not observe links as strong as one campaign dropping or downloading a payload that belongs to the other campaign, but we conclude, with medium confidence, that Operation NightScout is related to the Gelsemium group."