🌼

Gelsemium

Tags

State-Sponsored

Attribution

🇨🇳

Incidents

Gelsemium’s Shift to Linux Malware with WolfsBane and FireWood

References

https://assets.kpmg.com/content/dam/kpmg/in/pdf/2023/10/kpmg-ctip-gelsemium-apt-31-oct-2023.pdfhttps://www.welivesecurity.com/en/eset-research/unveiling-wolfsbane-gelsemiums-linux-counterpart-to-gelsevirine/

Last edited

Nov 24, 2024 3:22 PM

Status

Finalized

Cloud-fluent

Unique Tools

Gelsevirine WolfsBane FireWood

Targeted geography

Middle EastEast AsiaAsia

Targeted industries

GovernmentManufactoringEducation

The Gelsemium group has been active since at least 2014 and has been previously analyzed by several security companies. The group's name originates from a translation ESET identified in a VenusTech report, which first referred to the group as 狼毒草. This term corresponds to Gelsemium, a genus of flowering plants in the family Gelsemiaceae. One species, Gelsemium elegans, is known for its toxic compounds, including Gelsemine, Gelsenicine, and Gelsevirine. ESET adopted these names for the three components of the malware family associated with Gelsemium.