Chinese state-sponsored Gallium APT group is using a new, difficult-to-detect RAT—PingPull—in its espionage campaigns. The RAT can leverage ICMP, raw TCP, and HTTP(S) protocols for C2 communication. The targeted entities are based in Australia, Russia, the Philippines, Belgium, Vietnam, Malaysia, Cambodia, and Afghanistan.