Gallium
High Confidence • High Threat
Softcell • Granite Typhoon • GALLIUM
GALLIUM is a Chinese state-sponsored threat actor that has been active since at least 2018, primarily targeting telecommunications providers, financial institutions, and government entities across Southeast Asia, Europe, Africa, and the Middle East. The group is known for exploiting internet-facing services and using publicly available tools alongside custom malware. GALLIUM's operations support Chinese intelligence collection objectives, with particular focus on gaining persistent access to telecommunications infrastructure for surveillance purposes.
Target Sectors
Target Regions
Attributed to the Ministry of State Security (MSS), China. Attribution confidence: High.
Future Outlook
Gallium is expected to continue operations targeting the telecommunications sector.
First observed activity of Gallium
Continued active operations