GALLIUM
GALLIUM, Granite Typhoon
[GALLIUM](https://attack.mitre.org/groups/G0093) is a cyberespionage group that has been active since at least 2012, primarily targeting telecommunications companies, financial institutions, and government entities in Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia, and Vietnam. This group is particularly known for launching Operation Soft Cell, a long-term campaign targeting telecommunications providers.(Citation: Cybereason Soft Cell June 2019) Security researchers have identified [GALLIUM](https://attack.mitre.org/groups/G0093) as a likely Chinese st...
Techniques: 31
Covered: 30
Gaps: 1
Coverage: 97% (30/31)
GAPS (1)
COVERED (30)
| Technique | Name | Detections |
|---|---|---|
| T1003.001 | LSASS Memory | 105 |
| T1003.002 | Security Account Manager | 45 |
| T1005 | Data from Local System | 46 |
| T1016 | System Network Configuration Discovery | 35 |
| T1018 | Remote System Discovery | 46 |
| T1027 | Obfuscated Files or Information | 525 |
| T1027.002 | Software Packing | 1 |
| T1027.005 | Indicator Removal from Tools | 6 |
| T1033 | System Owner/User Discovery | 59 |
| T1036.003 | Rename Legitimate Utilities | 47 |
| T1041 | Exfiltration Over C2 Channel | 30 |
| T1047 | Windows Management Instrumentation | 85 |
| T1049 | System Network Connections Discovery | 21 |
| T1053.005 | Scheduled Task | 82 |
| T1059.001 | PowerShell | 338 |
| T1059.003 | Windows Command Shell | 79 |
| T1074.001 | Local Data Staging | 10 |
| T1078 | Valid Accounts | 252 |
| T1090.002 | External Proxy | 6 |
| T1105 | Ingress Tool Transfer | 170 |
| T1133 | External Remote Services | 72 |
| T1136.002 | Domain Account | 9 |
| T1190 | Exploit Public-Facing Application | 208 |
| T1505.003 | Web Shell | 57 |
| T1550.002 | Pass the Hash | 9 |
| T1553.002 | Code Signing | 3 |
| T1560.001 | Archive via Utility | 24 |
| T1570 | Lateral Tool Transfer | 20 |
| T1574.001 | DLL | 106 |
| T1588.002 | Tool | 13 |