Gallmaker

Description

(Symantec) Symantec researchers have uncovered a previously unknown attack group that is targeting government and military targets, including several overseas embassies of an Eastern European country, and military and defense targets in the Middle East. This group eschews custom malware and uses living off the land (LotL) tactics and publicly available hack tools to carry out activities that bear all the hallmarks of a cyber espionage campaign.

The group, which we have given the name Gallmaker, has been operating since at least December 2017, with its most recent activity observed in June 2018.

Names

Name        Name-Giver
Gallmaker   Symantec

Country

Motivation

  • Information theft and espionage

First Seen

2017

Observed Sectors

Observed Countries

Tools

Information

Mitre Attack

Other Information

Uuid

dafbb134-1652-4444-8b12-9b4cc121e3c2

Last Card Change

2020-04-22