Security News > 2022 > June > Chinese 'Gallium' Hackers Using New PingPull Malware in Cyberespionage Attacks
A Chinese advanced persistent threat known as Gallium has been observed using a previously undocumented remote access trojan in its espionage attacks targeting companies operating in Southeast Asia, Europe, and Africa.
Called PingPull, the "Difficult-to-detect" backdoor is notable for its use of the Internet Control Message Protocol for command-and-control communications, according to new research published by Palo Alto Networks Unit 42 today.
Gallium is known for its attacks primarily aimed at telecom companies dating as far back as 2012.
PingPull, a Visual C++-based malware, provides a threat actor the ability to access a reverse shell and run arbitrary commands on a compromised host.
Also identified are PingPull variants that rely on HTTPS and TCP to communicate with its C2 server instead of ICMP and over 170 IP addresses associated with the group since late 2020.
"While the use of ICMP tunneling is not a new technique, PingPull uses ICMP to make it more difficult to detect its C2 communications, as few organizations implement inspection of ICMP traffic on their networks."
News URL
https://thehackernews.com/2022/06/chinese-gallium-hackers-using-new.html
Related news
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Sophos Versus the Chinese Hackers (source)