Researchers have discovered a sophisticated Winnti cyberattack that abuses Windows systems in an ‘unusual’ way. According to Cybereason, the campaign is being carried out by the Chinese advanced persistent threat (APT) group Winnti, which has operated undetected for several years.
APT 41, or ‘Winnti’, also tracked under the names BARIUM and Blackfly, is one of the most prolific and successful Chinese state-sponsored threat groups, with a history of CCP-backed espionage and financially motivated attacks on US and other international targets that frequently align with China’s Five-Year Economic Development Plans.
Cyberattacks against video game developers, software companies, and Hong Kong universities have all been attributed to the group in the past. When the critical ProxyLogon vulnerabilities in Microsoft Exchange Server were first disclosed, Winnti and other APTs exploited them. In two reports published on Wednesday, Cybereason stated that it had informed both the FBI and the US Department of Justice (DoJ) of the APT’s campaign, which has been active since 2019 but was only recently identified.
According to cybersecurity specialists, the covert operations targeted the networks of technology and manufacturing organizations in Europe, Asia, and North America with the aim of stealing valuable private data. Winnti’s ‘multi-stage infection chain’, dubbed ‘Operation CuckooBees’, begins with the exploitation of flaws in enterprise resource planning (ERP) software and the deployment of the Spyder loader. According to the researchers, some of the exploited flaws were already known, while others were zero-day vulnerabilities.