Grayling activity was first observed in early 2023, when a number of victims were identified with distinctive malicious DLL side-loading activity. Grayling appears to target organisations in Asia, however one unknown organisation in the United States was also targeted. Industries targeted include Biomedical, Government and Information Technology. Grayling use a variety of tools during their attacks, including well known tools such as Cobalt Strike and Havoc and also some others.
There are currently no families associated with this actor.
Grayling: Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan
Cobalt Strike Havoc MimiKatz Grayling