https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-linux-malware-variants-for-espionage/

Hackers are deploying new Linux malware variants in cyberespionage attacks, such as a new PingPull variant and a previously undocumented backdoor tracked as 'Sword2033.' 

PingPull is a RAT (remote access trojan) first documented by Unit 42 last summer in espionage attacks conducted by the Chinese state-sponsored group Gallium, also known as Alloy Taurus. The attacks targeted government and financial organizations in Australia, Russia, Belgium, Malaysia, Vietnam, and the Philippines.