A well-known Chinese state-sponsored threat actor has been seen using a brand new remote access trojan (RAT) in its espionage campaigns against companies around the world. Cybersecurity researchers from Unit 42, Palo Alto Networks’ cybersecurity arm, published a report recently, saying that Gallium, as the threat actor is known, is using malware (opens in new tab) called PingPull. PingPull is a “difficult-to-detect” backdoor that communicates with its command & control (C2) server via Internet Control Message Protocol (ICMP), which is not that common. It’s built on C++, and allows threat actors to run arbitrary commands on the compromised endpoint (opens...