A Chinese-based threat group known as Gallium has been observed using a newly discovered Remote Access Trojan (RAT) in its espionage attacks. These attacks have targeted companies operating in Southeast Asia, Europe, and Africa. This RAT, named PingPull, is notable for the fact that it can use the Internet Control Message Protocol (ICMP) to carry out its Command and Control (C2) activity. It does this by sending specially crafted ICMP Echo Request packets to the C2 server, which responds with Echo Reply packets to issue commands to the system. These packets use the same structure and contain a Base64 encoded...