Evasive Gelsemium hackers spotted in attack against Asian govt (Security News, September 2023)

A stealthy advanced persistent threat tracked as Gelsemium was observed in attacks targeting a Southeast Asian government that spanned six months between 2022 and 2023.
Gelsemium is a cyberespionage group operational since 2014, targeting government, education, and electronic manufacturers in East Asia and the Middle East.
A new report by Palo Alto Networks' Unit 42 reveals how a new Gelsemium campaign uses rarely seen backdoors that are linked to the threat actor with medium confidence.
OwlProxy is a unique, custom HTTP proxy and backdoor tool that, according to Unit 42, Gelsemium used in a past attack targeting the Taiwanese government.
The second custom implant associated with Gelsemium is SessionManager, an IIS backdoor that Kaspersky linked to the threat group last summer.
In conclusion, Unit 42 notes Gelsemium's tenacity, with the threat actors introducing multiple tools and adapting the attack as needed even after security solutions stopped some of their backdoors.