ESET researchers uncover espionage activities against governments and other targets. Hacker group Gelsemium has targeted high-profile organizations, companies and authorities in East Asia and the Middle East with the Gelsevirine malware.
ESET researchers have analyzed several campaigns that they attribute to the cyber espionage group Gelsemium. The experts from the European IT security manufacturer traced the malware Gelsevirine used. During the investigation, the researchers found a new version of the malware.
Gelsevirine is aimed at governments
The victims of their campaigns are located in East Asia as well as the Middle East and include governments, religious organizations, electronics manufacturers and universities. So far, the group has managed to stay largely under the radar. The researchers have published their results in a whitepaper on welivesecurity.
ESET researchers believe Gelsemium was behind the supply chain attack against BigNox, previously reported as Operation NightScout. This was a supply chain attack reported by ESET that compromised the update mechanism of the Android emulator NoxPlayer. NoxPlayer is part of the BigNox product range with over 150 million users worldwide. The investigation revealed some overlap between this supply chain attack and the Gelsemium group. Victims who were originally compromised by this supply chain attack were later compromised by Gelsemine.
More at ESET.com
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.