Security News > 2022 > June > Gallium hackers backdoor finance, govt orgs using new PingPull malware
The Gallium state-sponsored hacking group has been spotted using a new 'PingPull' remote access trojan against financial institutions and government entities in Europe, Southeast Asia, and Africa.
Gallium is believed to originate from China, and its targeting scope of the telecommunications, finance, and government sectors in espionage operations aligns with the country's interests.
In recent campaigns, Gallium is employing a new RAT named PingPull, which analysts at Unit42 characterize as particularly stealthy.
The PingPull malware is designed to give threat actors a reverse shell on the compromised machine, allowing them to execute commands remotely.
This snapshot of recent Gallium campaigns revealed a new RAT, which indicates that the hacking group is still an active and evolving threat.
Based on the most recent reports, Gallium has expanded that scope to include key government entities and financial institutions in Asia, Africa, Europe, and Australia.
News URL
Related news
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign (source)
- North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures (source)