GALLIUM: According to Microsoft's Threat Intelligence Center, the threat group known as GALLIUM has recently been targeting the telecom industry. Microsoft has already been warning its customers about the group when it observes an attack, but wanted to raise awareness of the group across the wider security industry. The group gains initial access by exploiting unpatched vulnerabilities in internet-facing servers, primarily the WildFly/JBoss vulnerability. Once persistence is established, the group uses common techniques and tools to move laterally through the network. Inside a network the group uses both custom malware and publicly available toolkits, modifying and customizing them so that they are harder for anti-virus products to detect. The group relies on a low-cost methodology to carry out its attacks and regularly re-uses hop points; this gives defenders an opportunity to detect malicious network traffic by sharing network indicators of compromise (IOCs) from known intrusion activity.