Security News > 2022 > June > Gallium hackers backdoor finance, govt orgs using new PingPull malware

The Gallium state-sponsored hacking group has been spotted using a new 'PingPull' remote access trojan against financial institutions and government entities in Europe, Southeast Asia, and Africa.
Gallium is believed to originate from China, and its targeting of the telecommunications, finance, and government sectors in espionage operations aligns with the country's interests.
In recent campaigns, Gallium has been employing a new RAT named PingPull, which analysts at Unit 42 characterize as particularly stealthy.
The PingPull malware is designed to give threat actors a reverse shell on the compromised machine, allowing them to execute commands remotely.
This snapshot of recent Gallium campaigns revealed a new RAT, which indicates that the hacking group is still an active and evolving threat.
Based on the most recent reports, Gallium has expanded its targeting scope to include key government entities and financial institutions in Asia, Africa, Europe, and Australia.