GALLIUM
GALLIUM, Granite Typhoon
[GALLIUM](https://attack.mitre.org/groups/G0093) is a cyberespionage group that has been active since at least 2012, primarily targeting telecommunications companies, financial institutions, and government entities in Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia, and Vietnam. This group is particularly known for launching Operation Soft Cell, a long-term campaign targeting telecommunications providers.(Citation: Cybereason Soft Cell June 2019) Security researchers have identified [GALLIUM](https://attack.mitre.org/groups/G0093) as a likely Chinese st...
Techniques: 31 | Covered: 30 | Gaps: 1 | Coverage: 97% (30/31)
GAPS (1)
COVERED (30)
| Technique | Name | Det. |
|---|---|---|
| T1003.001 | LSASS Memory | 111 |
| T1003.002 | Security Account Manager | 49 |
| T1005 | Data from Local System | 47 |
| T1016 | System Network Configuration Discovery | 39 |
| T1018 | Remote System Discovery | 50 |
| T1027 | Obfuscated Files or Information | 561 |
| T1027.002 | Software Packing | 1 |
| T1027.005 | Indicator Removal from Tools | 6 |
| T1033 | System Owner/User Discovery | 61 |
| T1036.003 | Rename Legitimate Utilities | 47 |
| T1041 | Exfiltration Over C2 Channel | 31 |
| T1047 | Windows Management Instrumentation | 87 |
| T1049 | System Network Connections Discovery | 22 |
| T1053.005 | Scheduled Task | 99 |
| T1059.001 | PowerShell | 368 |
| T1059.003 | Windows Command Shell | 82 |
| T1074.001 | Local Data Staging | 10 |
| T1078 | Valid Accounts | 280 |
| T1090.002 | External Proxy | 6 |
| T1105 | Ingress Tool Transfer | 183 |
| T1133 | External Remote Services | 72 |
| T1136.002 | Domain Account | 11 |
| T1190 | Exploit Public-Facing Application | 216 |
| T1505.003 | Web Shell | 63 |
| T1550.002 | Pass the Hash | 10 |
| T1553.002 | Code Signing | 3 |
| T1560.001 | Archive via Utility | 26 |
| T1570 | Lateral Tool Transfer | 22 |
| T1574.001 | DLL | 109 |
| T1588.002 | Tool | 13 |