Targeting Linux systems in Nepal and South Africa

Date of report

April 2023

Affiliations

Gallium

Chinese threat actor Gallium is using a new variant of the PingPull malware to target the Linux systems of finance, government, and telecommunications organizations across Africa, Europe, and Southeast Asia.

Suspected victims

Finance, government, and telecommunications organizations across Africa, Europe, and Southeast Asia

Suspected state sponsor

China

Type of incident

Espionage

Target category

Civil society
Government
Private sector

Victim government reaction

Unknown

Policy response

Unknown

Suspected state sponsor response

Unknown

Chinese Alloy Taurus Updates PingPull Malware
Alloy Taurus APT Spotted Using PingPull and a New Backdoor to Target Linux Users

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events