← Back to Actors
GALLIUM
GALLIUMGranite Typhoon
[GALLIUM](https://attack.mitre.org/groups/G0093) is a cyberespionage group that has been active since at least 2012, primarily targeting telecommunications companies, financial institutions, and government entities in Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia, and Vietnam. This group is particularly known for launching Operation Soft Cell, a long-term campaign targeting telecommunications providers.(Citation: Cybereason Soft Cell June 2019) Security researchers have identified [GALLIUM](https://attack.mitre.org/groups/G0093) as a likely Chinese st...
31
Techniques
30
Covered
1
Gaps
97%
Coverage
Coverage30/31
GAPS (1)
COVERED (30)
T1003.001LSASS Memory111 det.T1003.002Security Account Manager49 det.T1005Data from Local System47 det.T1016System Network Configuration Discovery40 det.T1018Remote System Discovery51 det.T1027Obfuscated Files or Information606 det.T1027.002Software Packing2 det.T1027.005Indicator Removal from Tools6 det.T1033System Owner/User Discovery61 det.T1036.003Rename Legitimate Utilities47 det.T1041Exfiltration Over C2 Channel32 det.T1047Windows Management Instrumentation88 det.T1049System Network Connections Discovery22 det.T1053.005Scheduled Task100 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1074.001Local Data Staging10 det.T1078Valid Accounts297 det.T1090.002External Proxy8 det.T1105Ingress Tool Transfer184 det.T1133External Remote Services74 det.T1136.002Domain Account11 det.T1190Exploit Public-Facing Application227 det.T1505.003Web Shell65 det.T1550.002Pass the Hash10 det.T1553.002Code Signing4 det.T1560.001Archive via Utility26 det.T1570Lateral Tool Transfer23 det.T1574.001DLL111 det.T1588.002Tool13 det.