Tags
State-Sponsored
Attribution
🇨🇳
Incidents
Gelsemium’s Shift to Linux Malware with WolfsBane and FireWood
References
https://assets.kpmg.com/content/dam/kpmg/in/pdf/2023/10/kpmg-ctip-gelsemium-apt-31-oct-2023.pdf
https://www.welivesecurity.com/en/eset-research/unveiling-wolfsbane-gelsemiums-linux-counterpart-to-gelsevirine/
Last edited
Nov 24, 2024 3:22 PM
Status
Finalized
Cloud-fluent
Unique Tools
Gelsevirine, WolfsBane, FireWood
Targeted geography
Middle East, East Asia, Asia
Targeted industries
Government, Manufacturing, Education
The Gelsemium group has been active since at least 2014 and has previously been analyzed by several security companies. ESET's name for the group comes from a VenusTech report that first referred to it as 狼毒草, which ESET translated as Gelsemium, a genus of flowering plants in the family Gelsemiaceae. One species, Gelsemium elegans, is known for its toxic compounds, including Gelsemine, Gelsenicine, and Gelsevirine; ESET adopted these three names for the components of the malware family associated with the group.