Common Information
Type | Value |
---|---|
Value | GADOLINIUM |
Category | Actor |
Type | Microsoft-Activity-Group |
Misp Type | Cluster |
Description | GADOLINIUM is a nation-state activity group that has been compromising targets for nearly a decade with a worldwide focus on the maritime and health industries. As with most threat groups, GADOLINIUM tracks the tools and techniques of security practitioners looking for new techniques they can use or modify to create new exploit methods. Historically, GADOLINIUM used custom-crafted malware families that analysts can identify and defend against. In response, over the last year GADOLINIUM has begun to modify portions of its toolchain to use open-source toolkits to obfuscate their activity and make it more difficult for analysts to track. Because cloud services frequently offer a free trial or one-time payment (PayGo) account offerings, malicious actors have found ways to take advantage of these legitimate business offerings. By establishing free or PayGo accounts, they can use cloud-based technology to create a malicious infrastructure that can be established quickly then taken down before detection or given up at little cost. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-10-14 | 3 | Q3 Report on Hacker Group Trends by Country | ||
Details | Website | 2024-09-04 | 11 | Reconnaissance Scanning Tools Used by Chinese Threat Actors and Those Available in Open Source | ||
Details | Website | 2024-07-17 | 17 | Understanding APT40: Insights from CISA’s Latest Joint Security Advisory | ||
Details | Website | 2022-12-06 | 9 | Weaponizing the IT Supply Chain: Leviathan’s Attacks and Kinetic Naval Intervention in the South China Sea | ||
Details | Website | 2022-08-30 | 122 | Rising Tide: Chasing the Currents of Espionage in the South China Sea | Proofpoint US | ||
Details | Website | 2022-08-10 | 24 | Avast Q2/2022 Threat Report - Avast Threat Labs | ||
Details | Website | 2021-10-26 | 14 | China cyber attacks: the current threat landscape | ||
Details | Website | 2021-07-18 | 4 | Four Chinese Nationals Working with the Ministry of State Security Charged with Global Computer Intrusion Campaign Targeting Intellectual Property and Confidential Business Information, Including Infectious Disease Research | ||
Details | Website | 2021-04-07 | 22 | Dead Drop Resolvers - Espionage Inspired C&C Communication | ||
Details | Website | 2020-09-24 | 19 | Microsoft Security—detecting empires in the cloud - Microsoft Security Blog |