News
Gelsemium’s first stage is a large dropper written in C++ using the Microsoft Foundation Class library (MFC). This stage contains multiple further stages’ binaries.
This, in itself, makes Gelsemium's attack on NoxPlayer stand out since not many threat actors target gaming community targets. "The investigation uncovered some overlap between this supply-chain ...
FireWood overview: Though only loosely linked to Gelsemium, FireWood is another Linux backdoor that could enable versatile, long-term espionage campaigns. Its command execution capabilities enable ...
Gelsemium has previously targeted entities in Eastern Asia and the Middle East. The first backdoor is a part of a simple loading chain consisting of the dropper, launcher, and backdoor.
The group, in this instance, is called Gelsemium, suggesting that it has at least one herbalist in its ranks. It is a relatively known Chinese group, active since at least 2014. It mostly targets ...
With a “moderate level of confidence,” Unit 42 attributed a third cluster to the Gelsemium group, not linked to any specific state, installing a rare combination of attacks.
Gelsemium is hitting its targets with WolfsBane, ESET claims