NoxPlayer Supply-Chain Attack is Likely the Work of Gelsemium Hackers
Jun 14, 2021
A new cyber espionage group named Gelsemium has been linked to a supply chain attack targeting the NoxPlayer Android emulator that was disclosed earlier this year.
The findings come from a systematic analysis of multiple campaigns undertaken by the APT crew, with evidence of the earliest attack dating back all the way to 2014 under the codename Operation TooHash, based on malware payloads deployed in those intrusions.
"Victims of these campaigns are located in East Asia as well as the Middle East and include governments, religious organizations, electronics manufacturers and universities," cybersecurity firm ESET said in an analysis published last week. "Gelsemium's whole chain might appear simple at first sight, but the exhaustive configurations, implanted at each stage, modify on-the-fly settings for the final payload, making it harder to understand."
Targeted countries include China, Mongolia, North and South Korea, Japan, Turkey, Iran, Iraq, Saudi