11.Locks IsometricPattern

Hackers are deploying new Linux malware variants in cyberespionage attacks, such as a new PingPull variant and a previously undocumented backdoor tracked as 'Sword2033.'

PingPull is a RAT (remote access trojan) first documented by Unit 42 last summer in espionage attacks conducted by the Chinese state-sponsored group Gallium, also known as Alloy Taurus. The attacks targeted government and financial organizations in Australia, Russia, Belgium, Malaysia, Vietnam, and the Philippines.


Unit 42 continued to monitor these espionage campaigns and today reports that the Chinese threat actor uses new malware variants against targets in South Africa and Nepal.

The Linux variant of PingPull is an ELF file that only 3 out of 62 anti-virus vendors currently flag as malicious.