Security researchers have uncovered a cyberespionage campaign that has remained largely undetected since 2019 and focused on stealing trade secrets and other intellectual property from technology and manufacturing companies across the world. The campaign uses previously undocumented malware and is attributed to a Chinese state-sponsored APT group known as Winnti.

“With years to surreptitiously conduct reconnaissance and identify valuable data, it is estimated that the group managed to exfiltrate hundreds of gigabytes of information,” researchers from security firm Cybereason said in a new report. “The attackers targeted intellectual property developed by the victims, including sensitive documents, blueprints, diagrams, formulas, and manufacturing-related proprietary data.”

Cybereason, who shared its findings with the U.S. Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), dubbed the cyberespionage campaign Operation CuckooBees and identified victims in Asia, Europe and North America.

Winnti, also tracked in the security industry as APT41, Axiom, Barium, Wicked Panda and other names, is one of the longest-running Chinese cyberespionage groups with its malicious activities going as far back as 2007. The group uses a large malware toolset which includes a backdoor program called Winnti and has used a variety of attack vectors in its campaigns over the years, including software supply-chain attacks via software from NetSarang, CCleaner and ASUS. Winnti’s targeting often matches China’s geopolitical interests and there is evidence the group acted as contractor for Chinese government agencies that engage in cyberespionage, such as China’s Ministry of State Security (MSS) and the People’s Liberation Army (PLA).