At least 80 businesses targeted by the Chinese Winnti hacking group APT41

At least 80 businesses were targeted by the Chinese Winnti hacking group, also known as “APT41” or “Wicked Spider,” last year, and at least thirteen of those networks were successfully compromised. Researchers at Group-IB have been keeping an eye on Winnti’s activity, and they believe 2021 will be one of the most “intense” years for Chinese hackers. According to the experts, Winnti specifically targeted American software development and hospitality businesses, an aviation company in India, media, manufacturing, and governmental organizations in Taiwan, and software vendors in China.

In order to accomplish their objectives, Winnti also breached Thai military portals, academic websites in the UK, Ireland, and Hong Kong, as well as a number of government websites in India. In the course of these campaigns, Winnti used a variety of destructive tactics, including phishing, watering holes, supply chain intrusions, and several SQL injections. To find vulnerabilities in targeted networks or to spread laterally within them, threat actors integrated general-purpose and specialized tools, such as Acunetix, Nmap, SQLmap, OneForAll, subdomain3, subdomain brute, Sublist3r, and the “venerable” Cobalt Strike.

Thanks to its comprehensive monitoring of the threat group’s activity, Group-IB can estimate the geographical location of the hackers from their working hours, which typically follow a defined schedule.

The team starts work at 9:00 AM and finishes around 7:00 PM in the UTC+8 time zone, which puts the group in a strong position to run operations in real time against targets in China, Malaysia, Singapore, Russia, and Australia. Winnti spent relatively little time working on weekends, although some activity was observed on Sundays, suggesting that the group may have timed certain tasks for periods when understaffed IT teams are unlikely to detect them.
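The working-hours heuristic Group-IB applies above, as an added example that is not code from the article or from Group-IB: it takes constructed UTC timestamps of observed intrusion activity, scores every candidate UTC offset by how much of that activity falls inside a 09:00 to 19:00 workday, and reports the weekday spread, so an analyst can check whether a UTC+8 schedule fits. It goes beyond the text by scanning all offsets rather than assuming one; the sample timestamps, the workday window and the function names are all assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample (not real telemetry): UTC timestamps of activity such as
# C2 beacons or web-shell logins, spanning Mon-Fri plus one Sunday event.
SAMPLE_EVENTS_UTC = [
    "2020-03-02T01:00:00", "2020-03-02T05:30:00",  # Mon
    "2020-03-03T02:10:00", "2020-03-03T10:45:00",  # Tue
    "2020-03-04T04:00:00", "2020-03-04T08:20:00",  # Wed
    "2020-03-05T01:05:00", "2020-03-05T07:40:00",  # Thu
    "2020-03-06T03:30:00", "2020-03-06T10:15:00",  # Fri
    "2020-03-08T06:00:00",                         # Sun
]

def _local(ts_utc, offset_hours):
    """Parse a naive ISO-8601 UTC timestamp and shift it to the candidate offset."""
    utc = datetime.fromisoformat(ts_utc).replace(tzinfo=timezone.utc)
    return utc.astimezone(timezone(timedelta(hours=offset_hours)))

def hour_histogram(events_utc, offset_hours):
    """Count events per local hour-of-day for one candidate UTC offset."""
    return Counter(_local(e, offset_hours).hour for e in events_utc)

def workday_fraction(events_utc, offset_hours, start=9, end=19):
    """Share of events that land inside [start, end) local time (assumed 09:00-19:00 workday)."""
    hist = hour_histogram(events_utc, offset_hours)
    total = sum(hist.values())
    in_window = sum(n for hour, n in hist.items() if start <= hour < end)
    return in_window / total if total else 0.0

def best_offset(events_utc):
    """Offset whose workday window covers the most activity; ties go to the offset nearest UTC."""
    scores = {off: workday_fraction(events_utc, off) for off in range(-12, 15)}
    return max(scores, key=lambda off: (scores[off], -abs(off)))

def weekday_counts(events_utc, offset_hours):
    """Events per local weekday (0 = Monday ... 6 = Sunday) at a given offset."""
    return Counter(_local(e, offset_hours).weekday() for e in events_utc)

if __name__ == "__main__":
    off = best_offset(SAMPLE_EVENTS_UTC)
    print(f"best-fitting offset: UTC{off:+d}, workday fit {workday_fraction(SAMPLE_EVENTS_UTC, off):.0%}")
    print("weekday spread:", dict(sorted(weekday_counts(SAMPLE_EVENTS_UTC, off).items())))
```

Timing is only a corroborating signal: adjacent offsets usually score almost as well, and a schedule can be shifted deliberately, so weigh it alongside infrastructure and tooling evidence.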
