Chinese hacking group Winnti, also known as APT41, Wicked Panda, Bronze Atlas, and Barium, has launched an onslaught of attacks against Asian government entities, The Hacker News reports.
Hong Kong government organizations have been targeted with the Spyder Loader malware as part of the group's ongoing Operation CuckooBees campaign, which has already compromised numerous manufacturing and technology firms in North America, Western Europe, and East Asia, according to a report from the Symantec Threat Hunter team.
Winnti has used Spyder alongside Mimikatz, a trojanized zlib DLL module, and other post-exploitation tools as part of the attack, but no final-stage malware was observed being delivered.
Meanwhile, a separate report from Malwarebytes revealed that Sri Lankan government entities were also attacked by Winnti in August using the DBoxAgent malware. The DBoxAgent backdoor uses Dropbox for command-and-control and facilitates the deployment of other exploitation tools.
"Winnti remains active and its arsenal keeps growing as one of the most sophisticated groups nowadays," said Malwarebytes.
Asian governments targeted in new Winnti attacks