ESET researchers have linked a cyberespionage group known as Gelsemium to the NoxPlayer Android emulator supply-chain attack that targeted gamers earlier this year. The group is known for targeting governments, religious organizations, electronics manufacturers, and universities in East Asia and the Middle East, but has mostly flown under the radar. ESET also found early versions of the group’s Gelsevirine backdoor while investigating several campaigns since mid-2020. The group was also observed by VenusTech using watering holes set up on intranet servers in 2018, while ESET spotted it using a pre-authentication RCE exploit against vulnerable Exchange servers.
Source: https://www.bleepingcomputer.com/news/security/stealthy-gelsemium-cyberspies-linked-to-noxplayer-supply-chain-attack/

