"Chinese 'Gallium' Hackers Using New PingPull Malware in Cyberespionage Attacks"

Gallium, a Chinese Advanced Persistent Threat (APT) group, has been spotted deploying a previously unknown Remote Access Trojan (RAT) in its espionage attacks targeting companies in Southeast Asia, Europe, and Africa. According to new research published by Palo Alto Networks Unit 42, the RAT, called "PingPull", is a difficult-to-detect backdoor that uses the Internet Control Message Protocol (ICMP) for command-and-control (C2) communications. PingPull is a Visual C++-based malware that gives a threat actor a reverse shell and lets them execute arbitrary commands on a compromised computer, including carrying out file operations, enumerating storage volumes, and timestamping files. Researchers have also identified PingPull variants that rely on HTTPS and TCP instead of ICMP to communicate with the C2 server, as well as more than 170 IP addresses associated with the group since late 2020. This article continues to discuss the history of the Gallium APT group, its expanded victimology, and its use of the new PingPull malware in cyberespionage attacks.
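Because ICMP is rarely inspected, a C2 channel carried in echo traffic is easy to miss; the following Python sketch is an added, defender-side example (not from the Unit 42 report or this article) that scores ICMP conversations with generic tunnelling heuristics: unusual payload sizes, size variance between packets, and text-like payloads. The `IcmpEvent` record, the thresholds and the sample traffic are assumptions for illustration, and nothing here reflects PingPull's actual message format, which the article does not describe.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import pstdev

# Payload sizes produced by stock ping tools (assumed defaults: Windows 32, Linux 56/64).
NORMAL_PING_SIZES = {32, 56, 64}

@dataclass(frozen=True)
class IcmpEvent:
    src: str
    dst: str
    icmp_type: int          # 8 = echo request, 0 = echo reply
    payload_len: int
    printable_ratio: float  # share of payload bytes that are printable ASCII

def score_pair(events):
    """Score one src->dst ICMP conversation; returns (score, reasons)."""
    sizes = [e.payload_len for e in events]
    reasons = []
    odd = sum(1 for s in sizes if s not in NORMAL_PING_SIZES) / len(sizes)
    if odd > 0.5:
        reasons.append("non-standard payload sizes")
    # Real ping repeats the same size; tunnelled commands and output do not.
    if len(sizes) > 1 and pstdev(sizes) > 8:
        reasons.append("payload size varies between packets")
    text = sum(e.printable_ratio for e in events) / len(events)
    # Shell output is mostly text, but so is Windows ping's alphabet pattern,
    # so this indicator only counts together with the others.
    if text > 0.8:
        reasons.append("payload is mostly printable text")
    return len(reasons), reasons

def find_suspicious(events, min_score=2):
    """Group events per (src, dst) and return the pairs that hit min_score."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e.src, e.dst)].append(e)
    return {pair: score_pair(evs)[1] for pair, evs in by_pair.items()
            if score_pair(evs)[0] >= min_score}

# Constructed sample: a routine Windows-style ping and a chatty ICMP session.
SAMPLE = [
    *[IcmpEvent("10.0.0.5", "10.0.0.1", 8, 32, 1.0) for _ in range(5)],
    IcmpEvent("10.0.0.7", "203.0.113.9", 8, 96, 0.97),
    IcmpEvent("10.0.0.7", "203.0.113.9", 8, 140, 0.95),
    IcmpEvent("10.0.0.7", "203.0.113.9", 8, 41, 0.93),
    IcmpEvent("10.0.0.7", "203.0.113.9", 8, 212, 0.99),
]

if __name__ == "__main__":
    for (src, dst), reasons in find_suspicious(SAMPLE).items():
        print(f"{src} -> {dst}: {', '.join(reasons)}")
```

The benign pair scores only on the text indicator and is not reported; the second pair trips all three heuristics, which is the point at which a packet capture of that host pair is worth pulling.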

THN reports "Chinese 'Gallium' Hackers Using New PingPull Malware in Cyberespionage Attacks"
