Alloy Taurus is a Chinese state-sponsored group that has been active since at least 2012, targeting telecommunications companies, financial institutions and government entities. It has recently been linked to a campaign called Tainted Love against telecommunications providers in the Middle East. Unit 42, the threat research team at Palo Alto Networks, has now identified a Linux variant of the PingPull backdoor and a previously undocumented tool codenamed Sword2033, both used by the group in activity targeting South Africa and Nepal.

PingPull is a remote access trojan best known for using the Internet Control Message Protocol (ICMP) for command-and-control (C2) communications, a channel that blends in with ordinary ping traffic that many networks neither log nor filter; note that the newly identified Linux variant communicates over HTTPS instead, so ICMP-based hunting alone will not cover it. Sword2033 is capable of uploading files, exfiltrating files and executing commands. The domain used by Sword2033 resolves to an IP address that was previously identified as an active indicator of compromise in an earlier Alloy Taurus campaign against companies in Southeast Asia, Europe and Africa.

South Africa recently held a joint 10-day naval drill with Russia and China, which may be connected to the targeting of the country. These findings suggest that Alloy Taurus is continuing to evolve its tooling in support of its espionage activities.
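The ICMP C2 channel described above is what a defender would want to hunt for, so here is an added example of the kind of check a network security team might run. This is illustrative code written for this page, not code from Unit 42's report and not derived from the PingPull or Sword2033 samples: it parses raw IPv4/ICMP echo requests, allowlists the payloads that stock ping clients emit, and flags flows whose echo payloads are mostly non-standard and either vary in size or look like encrypted data. The packet builder, the sample traffic, the stock-payload patterns and the thresholds are all constructed assumptions for the example, not facts about PingPull's actual protocol.

```python
import hashlib
import ipaddress
import math
import statistics
import struct
from collections import Counter, defaultdict

# Payloads that stock ping clients emit (assumption: extend for your environment).
# iputils ping on 64-bit Linux: 16-byte timestamp followed by bytes 0x10..0x37.
LINUX_PING_PATTERN = bytes(range(0x10, 0x38))
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum as used by the IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(src: str, dst: str, ident: int, seq: int, payload: bytes) -> bytes:
    """Build a raw IPv4 + ICMP echo request. Used only to construct test traffic."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", checksum(ip_hdr)) + ip_hdr[12:]
    return ip_hdr + icmp


def parse_icmp(raw: bytes):
    """Return (src, dst, icmp_type, payload) for an IPv4 ICMP packet, or None if the
    packet is not ICMP or its ICMP checksum does not verify."""
    if len(raw) < 28 or raw[0] >> 4 != 4 or raw[9] != 1:
        return None
    ihl = (raw[0] & 0x0F) * 4
    icmp = raw[ihl:]
    if len(icmp) < 8 or checksum(icmp) != 0:
        return None
    src = str(ipaddress.IPv4Address(raw[12:16]))
    dst = str(ipaddress.IPv4Address(raw[16:20]))
    return src, dst, icmp[0], icmp[8:]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed C2 payloads sit near the top of the scale."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def is_stock_payload(payload: bytes) -> bool:
    """True if the payload matches what a stock ping client sends (see assumptions above)."""
    if payload == WINDOWS_PING_PAYLOAD:
        return True
    return len(payload) == 56 and payload[16:] == LINUX_PING_PATTERN


def score_icmp_flows(raw_packets, min_packets=5, entropy_threshold=5.5):
    """Group echo requests by (src, dst) and flag flows that look like data transfer:
    mostly non-stock payloads, and either high-entropy content or varying sizes
    (a stock ping keeps a constant payload size; a tunnel carrying commands and
    file chunks usually does not). Thresholds are assumptions for this example."""
    flows = defaultdict(list)
    for raw in raw_packets:
        parsed = parse_icmp(raw)
        if parsed and parsed[2] == 8:          # echo request only
            flows[(parsed[0], parsed[1])].append(parsed[3])
    findings = {}
    for flow, payloads in flows.items():
        if len(payloads) < min_packets:
            continue
        non_stock = sum(1 for p in payloads if not is_stock_payload(p))
        mean_entropy = statistics.mean(shannon_entropy(p) for p in payloads)
        sizes = sorted({len(p) for p in payloads})
        suspicious = (non_stock > len(payloads) / 2
                      and (mean_entropy >= entropy_threshold or len(sizes) > 1))
        findings[flow] = {"packets": len(payloads), "non_stock": non_stock,
                          "mean_entropy": round(mean_entropy, 2), "sizes": sizes,
                          "suspicious": suspicious}
    return findings


def sample_traffic():
    """Constructed traffic, not a capture: one host running stock ping, one host using
    echo requests to move variable-sized high-entropy blobs, one host too quiet to score."""
    pkts = []
    for i in range(6):                                  # stock Linux ping, 64-bit iputils layout
        ts = struct.pack("<qq", 1700000000 + i, 250000 + i)
        pkts.append(build_echo("10.0.0.5", "8.8.8.8", 0x1234, i, ts + LINUX_PING_PATTERN))
    for i in range(8):                                  # tunnel-like flow: sizes 64..288 bytes
        blob = b"".join(hashlib.sha256(b"constructed-%d-%d" % (i, j)).digest() for j in range(2 + i))
        pkts.append(build_echo("10.0.0.7", "203.0.113.10", 0x0001, i, blob))
    for i in range(2):                                  # too few packets to judge
        pkts.append(build_echo("10.0.0.9", "192.0.2.1", 0x0002, i, WINDOWS_PING_PAYLOAD))
    return pkts


if __name__ == "__main__":
    for flow, info in score_icmp_flows(sample_traffic()).items():
        print(flow, info)
```

In practice the raw packets would come from a pcap or a span port rather than from `sample_traffic()`, and the allowlist would need the ping payloads your own monitoring and load-balancer health checks produce, otherwise a benign `ping -s 100` trips the same heuristic. The size-variance test is the more robust of the two signals, since a stock ping payload is nearly all distinct bytes and therefore also scores high on entropy.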
To mitigate these threats, implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or try it yourself using check.website.
Source: Hackernews