Hackers are currently employing new Linux malware variants for their cyberespionage attacks. These variants include a fresh PingPull version and an unrecorded backdoor that has been named “Sword2033.”
Last summer, Unit 42 identified PingPull as a RAT (remote access trojan) used in espionage attacks by Gallium, a Chinese state-sponsored group also known as Alloy Taurus. Their targets included government and financial organizations in Australia, Belgium, Malaysia, Russia, Vietnam, and the Philippines.
Unit 42 has been actively tracking these espionage campaigns and recently reported that the Chinese threat actor has started using new malware variants to target organizations in South Africa and Nepal.
Story credit
