Chinese state-sponsored threat actor Alloy Taurus has introduced a new variant of PingPull malware, designed to target Linux systems, Palo Alto Networks said in its research. Along with the new variant, another backdoor called Sword2033 was also identified by the researchers.
Alloy Taurus, a Chinese APT, has been active since 2012. The group conducts cyberespionage campaigns across Asia, Europe, and Africa. The group is known to target telecommunication companies but in recent years has also been observed targeting financial and government institutions.