Security News > 2022 > June > Gallium hackers backdoor finance, govt orgs using new PingPull malware
The Gallium state-sponsored hacking group has been spotted using a new 'PingPull' remote access trojan against financial institutions and government entities in Europe, Southeast Asia, and Africa.
Gallium is believed to originate from China, and its targeting of the telecommunications, finance, and government sectors in espionage operations aligns with the country's interests.
In recent campaigns, Gallium is employing a new RAT named PingPull, which analysts at Unit 42 characterize as particularly stealthy.
The PingPull malware is designed to give threat actors a reverse shell on the compromised machine, allowing them to execute commands remotely.
This snapshot of recent Gallium campaigns revealed a new RAT, which indicates that the hacking group is still an active and evolving threat.
Based on the most recent reports, Gallium has expanded its targeting scope to include key government entities and financial institutions in Asia, Africa, Europe, and Australia.