Winnti

Pierluigi Paganini January 15, 2021
Winnti APT continues to target game developers in Russia and abroad

A Chinese threat actor targeted organizations in Russia and Hong Kong with a previously undocumented backdoor, experts warn. Cybersecurity researchers from Positive Technologies have uncovered a series of attacks conducted by a Chinese threat actor that aimed at organizations in Russia and Hong Kong. Experts attribute the attacks to the China-linked Winnti APT group (aka APT41) […]

Pierluigi Paganini January 05, 2021
Experts linked ransomware attacks to China-linked APT27

Researchers from security firms Profero and Security Joes linked a series of ransomware attacks to the China-linked APT27 group. Security researchers from security firms Profero and Security Joes investigated a series of ransomware attacks against multiple organizations and linked them to China-linked APT groups. The experts attribute the attacks to the Chinese cyberespionage group APT27 […]

Pierluigi Paganini May 22, 2020
Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

The Winnti hacking group continues to target the gaming industry; recently it used a new malware named PipeMon and a new method to achieve persistence. The Winnti hacking group is using a new malware dubbed PipeMon and a novel method to achieve persistence in attacks aimed at video game companies. The Winnti group was first spotted by Kaspersky […]

Pierluigi Paganini February 01, 2020
Winnti APT Group targeted Hong Kong Universities

Winnti Group has compromised computer systems at two Hong Kong universities during the Hong Kong protests that started in March 2019. Hackers from the China-linked Winnti group have compromised computer systems at two Hong Kong universities during the Hong Kong protests that started in March 2019. Researchers from ESET discovered the attacks in November 2019 […]

Pierluigi Paganini October 15, 2019
Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Winnti Group is back with a new modular Win backdoor that was used to infect the servers of a high-profile Asian mobile hardware and software manufacturer. Security experts at ESET revealed that Winnti Group continues to update its arsenal; they observed the China-linked APT group using a new modular Windows backdoor that it used to infect the […]

Pierluigi Paganini May 20, 2019
Chronicle experts spotted a Linux variant of the Winnti backdoor

Security researchers from Chronicle, Alphabet’s cyber-security division, have spotted a Linux variant of the Winnti backdoor. Security experts from Chronicle, Alphabet’s cyber-security division, have discovered a Linux variant of the Winnti backdoor. It is the first time that researchers have found a Linux version of the backdoor used by China-linked APT groups tracked as Winnti. […]

Pierluigi Paganini March 26, 2017
The Winnti Gang continues its activity and leverages GitHub for C&C Communications

Trend Micro discovered the Chinese threat actor Winnti has been abusing the GitHub service for command and control (C&C) communications. Security experts at Trend Micro continue to monitor the activities of the Chinese Winnti hacker group; this time the hackers have been abusing GitHub for command and control (C&C) communications. “Recently, the Winnti group, a threat actor with […]

Pierluigi Paganini April 16, 2013
DHS alerted energy companies on ongoing spear-phishing campaign

Cyber espionage is considered one of the most aggressive and dangerous cyber threats; its silent operation could steal sensitive information, company secrets and intellectual property for a long time. Recently many cyber espionage campaigns have been discovered; the most recent is the Winnti campaign, but we cannot forget also Red October and […]

Pierluigi Paganini April 12, 2013
Winnti – a cyber espionage case for gaming industry

Another cyber espionage campaign has been discovered by Kaspersky Lab Team; I start to get the feeling that whatever is done online, we cannot avoid being spied on. What is singular this time is the sector hit by the attackers, the gaming industry, that using a malware signed with a valid digital certificate has been used […]