Security News > 2023 > April > Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks
The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033.
Alloy Taurus is the constellation-themed moniker assigned to a threat actor that's known for its attacks targeting telecom companies since at least 2012.
Interestingly, PingPull's parsing of the C2 instructions mirrors that of the China Chopper, a web shell widely used by Chinese threat actors, suggesting that the threat actor is repurposing existing source code to devise custom tools.
The malware's links to Alloy Taurus stems from the fact that the domain resolved to an IP address that was previously identified as an active indicator of compromise associated with a prior campaign targeting companies operating in Southeast Asia, Europe, and Africa.
"Alloy Taurus remains an active threat to telecommunications, finance and government organizations across Southeast Asia, Europe and Africa," Unit 42 said.
"The identification of a Linux variant of PingPull malware, as well as recent use of the Sword2033 backdoor, suggests that the group continues to evolve their operations in support of their espionage activities."
News URL
https://thehackernews.com/2023/04/chinese-hackers-using-pingpull-linux.html
Related news
- Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (source)
- Hackers abuse QEMU to covertly tunnel network traffic in cyberattacks (source)
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers leverage 1-day vulnerabilities to deliver custom Linux malware (source)
- Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware (source)
- Chinese Earth Krahang hackers breach 70 orgs in 23 countries (source)
- CISA shares critical infrastructure defense tips against Chinese hackers (source)
- A “cascade” of errors let Chinese hackers into US government inboxes (source)
- Targus discloses cyberattack after hackers detected on file servers (source)