Chinese hackers use new Linux malware variants for espionage (Security News, April 2023)

Hackers are deploying new Linux malware variants in cyberespionage attacks, including a new PingPull variant and a previously undocumented backdoor tracked as 'Sword2033'.
PingPull is a RAT first documented by Unit 42 last summer in espionage attacks conducted by the Chinese state-sponsored group Gallium, also known as Alloy Taurus.
Unit 42 continued to monitor these espionage campaigns and today reports that the Chinese threat actor uses new malware variants against targets in South Africa and Nepal.
The Linux variant of PingPull is an ELF file that only 3 out of 62 anti-virus vendors currently flag as malicious.
Unit 42 notes that the command handlers used in PingPull match those observed in another malware named 'China Chopper', a web shell heavily used in attacks against Microsoft Exchange servers.
In conclusion, Gallium continues to refine its arsenal and broaden its target range using the new Linux variants of PingPull and the newly discovered Sword2033 backdoor.