ESET researchers found cyber-espionage activity moving under the radar. This dangerous activity is called Gelsemium. (Photo: IST)
JAKARTA – Something urgent emerged at the ESET World 2021 conference, the annual event that usually discusses the latest research. Among the findings, ESET researchers found cyber-espionage activity moving under the radar. This dangerous activity is named Gelsemium.
In mid-2020, ESET researchers began to analyze several cyber operations, which were then linked to the Gelsemium group, and traced the earliest version of the malware to 2014. The victims of this operation are located in Asia and come from various sectors.
Here are other facts revealed by the ESET research:
• Gelsemium is a cyber espionage group active since 2014
• Gelsemium was behind the supply chain attack on BigNox previously reported as Operation NightScout
• A new version of Gelsemium was found, a complex and modular malware, later referred to as Gelsemine, Gelsenicine, and Gelsevirine
“The entire Gelsemium chain may seem simple at first glance, but the complete number of configurations, implanted at each stage, can change the settings for the final charge, making it more difficult to understand,” explains ESET researcher Thomas Dupuy, who is actively conducting research and analysis on Gelsemium.
BigNox
Recently, Asian gamers were shaken by the news that NoxPlayer, an Android emulator for PCs and laptops popular in Asia, including Indonesia, was sending malware to its users’ PCs.
What was sent was a malicious update originating from NoxPlayer’s backend infrastructure, which was found to contain code that could harm the computer.
ESET's investigation reports at least three malware variants that endanger NoxPlayer emulator users. The malware can record what is typed, retrieve files, and spy remotely.
As a result, hundreds of millions of NoxPlayer users, mostly in Asia, are targets of an attack aimed specifically at the emulator gaming community, and in-depth research shows that the mastermind behind this espionage attack is none other than Gelsemium.
New Gelsemium
Efforts to spread malware and siphon information across Asia continue to move quietly under the radar. The group has been good at this for seven years and has a clear scheme for where its espionage is going.