
Stealthy APT Gelsemium Seen Targeting Southeast Asian Government

Palo Alto Networks observed the advanced persistent threat (APT) actor Gelsemium targeting government organizations in Southeast Asia. The cyberespionage campaign deployed web shells, backdoors, and a Cobalt Strike beacon to establish access and collect intelligence.

The threat actor specifically used the reGeorg, China Chopper, and AspxSpy web shells to run commands. In some attacks the OwlProxy HTTP proxy served as the backdoor; where OwlProxy could not be deployed, the threat actor instead used the EarthWorm SOCKS tunneler to link its command-and-control (C&C) network to the target network. The attackers also employed the Potato Suite and SpoolFool for privilege escalation. Palo Alto Networks observed the APT group attempt, unsuccessfully, to deploy the SessionManager custom backdoor on multiple victims' networks. Gelsemium has targeted a wide range of public organizations and private industries in East Asia and the Middle East since 2014.
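The tools named above leave traces in the web server's own access logs: a reGeorg-style tunnel is driven through HTTP requests to a script that carries `cmd`, `target` and `port` parameters (the names used by the public reGeorg tunnel scripts), and an interactive web shell typically shows up as a burst of POST requests to a single script file from one client with no referer. The following script is an added example, not code from Palo Alto Networks or from the SecurityWeek article, and the IIS W3C log lines, field layout, client addresses and the POST-count threshold are constructed for illustration; the heuristics are the author's assumptions, not published detection rules.

```python
"""Heuristic scan of IIS W3C access-log lines for reGeorg-style tunnelling
and for script files that receive unusually many referer-less POSTs.
Added example with constructed data; not from the original brief."""
import re
from collections import Counter
from urllib.parse import parse_qs

# Field order assumed for the constructed log (matches the #Fields line below).
FIELDS = ["date", "time", "s_ip", "method", "uri_stem", "uri_query", "s_port",
          "username", "c_ip", "user_agent", "referer", "status"]

# Command values used by the public reGeorg tunnel scripts (assumption: the
# deployment is unmodified; obfuscated forks will not match this).
REGEORG_CMDS = {"connect", "disconnect", "forward", "read"}

# Server-side script extensions whose POST traffic we want to profile.
SCRIPT_EXT = re.compile(r"\.(aspx?|ashx|asmx)$", re.IGNORECASE)

# Constructed sample log. 203.0.113.7 is an ordinary visitor; 198.51.100.9
# drives a tunnel through tunnel.aspx and then hammers an uploaded shell.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status
2023-09-14 02:10:01 10.0.0.5 GET /index.aspx - 443 - 203.0.113.7 Mozilla/5.0 https://example.test/ 200
2023-09-14 02:10:03 10.0.0.5 POST /login.aspx - 443 - 203.0.113.7 Mozilla/5.0 https://example.test/index.aspx 302
2023-09-14 02:10:05 10.0.0.5 GET /aspnet_client/tunnel.aspx cmd=connect&target=10.0.0.20&port=3389 443 - 198.51.100.9 python-requests/2.31 - 200
2023-09-14 02:10:06 10.0.0.5 POST /aspnet_client/tunnel.aspx cmd=forward&target=10.0.0.20&port=3389 443 - 198.51.100.9 python-requests/2.31 - 200
2023-09-14 02:10:06 10.0.0.5 POST /aspnet_client/tunnel.aspx cmd=read&target=10.0.0.20&port=3389 443 - 198.51.100.9 python-requests/2.31 - 200
2023-09-14 02:11:10 10.0.0.5 POST /uploads/s.aspx - 443 - 198.51.100.9 Mozilla/4.0 - 200
2023-09-14 02:11:12 10.0.0.5 POST /uploads/s.aspx - 443 - 198.51.100.9 Mozilla/4.0 - 200
2023-09-14 02:11:15 10.0.0.5 POST /uploads/s.aspx - 443 - 198.51.100.9 Mozilla/4.0 - 200
2023-09-14 02:11:19 10.0.0.5 POST /uploads/s.aspx - 443 - 198.51.100.9 Mozilla/4.0 - 200
2023-09-14 02:11:24 10.0.0.5 POST /uploads/s.aspx - 443 - 198.51.100.9 Mozilla/4.0 - 200
"""


def parse_iis_lines(text):
    """Parse W3C-format lines into dicts; skips directives and malformed lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # field count differs from the assumed layout; ignore
        entries.append(dict(zip(FIELDS, parts)))
    return entries


def find_regeorg_tunnel(entries):
    """Return (client, script, cmd, target, port) for requests whose query
    string looks like a reGeorg tunnel command with an inner target."""
    hits = []
    for e in entries:
        query = parse_qs(e["uri_query"]) if e["uri_query"] != "-" else {}
        cmd = query.get("cmd", [""])[0].lower()
        if cmd in REGEORG_CMDS and "target" in query and "port" in query:
            hits.append((e["c_ip"], e["uri_stem"], cmd,
                         query["target"][0], query["port"][0]))
    return hits


def find_post_heavy_scripts(entries, threshold=4):
    """Count referer-less POSTs per (client, script) and return pairs at or
    above the threshold; the threshold is a tunable assumption."""
    counts = Counter()
    for e in entries:
        if (e["method"] == "POST" and SCRIPT_EXT.search(e["uri_stem"])
                and e["referer"] == "-"):
            counts[(e["c_ip"], e["uri_stem"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    parsed = parse_iis_lines(SAMPLE_LOG)
    for hit in find_regeorg_tunnel(parsed):
        print("tunnel command:", hit)
    for (client, script), n in find_post_heavy_scripts(parsed).items():
        print(f"{n} referer-less POSTs to {script} from {client}")
```

Both checks are deliberately simple so that they can be run over a day's worth of logs on a single server; in practice the referer-less POST count should be compared against a baseline for each script, because legitimate API endpoints also receive POSTs without a referer.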

Read More:

https://www.securityweek.com/stealthy-apt-gelsemium-seen-targeting-southeast-asian-government/