Researchers ID new RAT developed by Chinese hacking group with growing target list

Written by
Jun 13, 2022 | CYBERSCOOP

An established Chinese hacking group known for targeting telecommunications, finance and government organizations around the world has developed a “new, difficult-to-detect” remote access trojan it is using as part of its espionage activities, researchers with Palo Alto Networks’ Unit 42 said in research published Monday.

The researchers spotted the malware as part of their ongoing monitoring of a hacking group known as Gallium, a Chinese state-sponsored group active since at least 2012 according to Mitre, a nonprofit research organization funded by private grants and the U.S. government.

Gallium has extended its targeting beyond telecommunications over the last year, the Unit 42 researchers wrote, to include financial institutions and government entities.

The remote access trojan (RAT), dubbed “PingPull” by the researchers, can make it more difficult to detect its command and control communications in part by leveraging the ICMP protocol, typically used by devices on a network to diagnose communication issues and send error reports. The use of ICMP is not a novel technique, but PingPull makes detection harder “as few organizations implement inspection of ICMP traffic on their networks,” the researchers wrote.

It’s not clear in how many

Read More: