Nation-State Actor
GALLIUM
China • Active since 2018
GALLIUM hacks phone companies to spy on their customers. They break into telecom networks and can potentially monitor calls and messages without anyone knowing.
Overview
GALLIUM is a Chinese state-sponsored threat group that targets telecommunications providers worldwide to collect data and monitor communications of interest to the Chinese government.
Also Known As
Granite Typhoon, Alloy Taurus
Target Industries
Telecommunications, Government, Finance, Technology
Target Regions
Southeast Asia, Europe, Middle East, Africa
Tactics, Techniques & Procedures
- Telecom targeting
- Web shell deployment
- Credential theft
- Living off the land
- Long-term persistence
Known Tools & Malware
PingPull, China Chopper, HTRAN, Mimikatz, QuasarRAT
Notable Campaigns
Telecom Provider Targeting (2019-2023)
Systematic compromise of telecom providers across multiple regions.
PingPull Malware Campaign (2022)
Deployment of PingPull malware against financial and government targets.
MITRE ATT&CK Techniques
T1190, T1505.003, T1003, T1059, T1078
Defense Recommendations
1. Implement telecom security monitoring
2. Monitor for PingPull indicators
3. Scan for web shells in telecom infrastructure