Threat actor · all actors
GALLIUMG0093 state
🇨🇳 CN
aka GALLIUM, Granite Typhoon
Last updated: 2026-07-03
About this actor
[GALLIUM](https://attack.mitre.org/groups/G0093) is a cyberespionage group that has been active since at least 2012, primarily targeting telecommunications companies, financial institutions, and government entities in Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia, and Vietnam. This group is particularly known for launching Operation Soft Cell, a long-term campaign targeting telecommunications providers.(Citation: Cybereason Soft Cell June 2019) Security researchers have identified [GALLIUM](https://attack.mitre.org/groups/G0093) as a likely Chinese state-sponsored group, based in part on tools used and TTPs commonly associated with Chinese threat actors.(Citation: Cybereason Soft Cell June 2019)(Citation: Microsoft GALLIUM December 2019)(Citation: Unit 42 PingPull Jun 2022)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-4 | 31 / 45 | 69% |
CM-6 | 28 / 45 | 62% |
AC-3 | 27 / 45 | 60% |
AC-6 | 24 / 45 | 53% |
CM-2 | 24 / 45 | 53% |
AC-2 | 23 / 45 | 51% |
SI-3 | 22 / 45 | 49% |
CM-7 | 21 / 45 | 47% |
AC-5 | 17 / 45 | 38% |
CM-5 | 17 / 45 | 38% |
IA-2 | 17 / 45 | 38% |
SI-7 | 16 / 45 | 36% |
CA-7 | 14 / 45 | 31% |
RA-5 | 14 / 45 | 31% |
AC-4 | 12 / 45 | 27% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- C0017 0.39
- menuPass 0.39
- FIN13 0.35
- Operation CuckooBees 0.35
- SharePoint ToolShell Exploitation 0.34
Same nation-state
- Night Dragon 1.00
- FunnyDream 1.00
- Operation Wocao 1.00
- C0017 1.00
- Cutting Edge 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00