Winnti attacks set sights on Japan

Organizations in Japan's energy, manufacturing, and materials industries were targeted by the Chinese state-sponsored hacking operation Winnti, also known as APT41, as part of the RevivalStone attack campaign last March, according to The Hacker News.

The intrusions began with the exploitation of a SQL injection vulnerability in an enterprise resource planning system, which enabled the deployment of the China Chopper and Behinder web shells, reconnaissance and lateral movement, and the distribution of an updated Winnti malware that features more sophisticated security bypass measures and encryption algorithms, according to a report from Japanese cybersecurity firm LAC. The attackers also leveraged a shared account to compromise a managed service provider, whose infrastructure was later used to deliver the malware to three other entities, said LAC researchers, who also found TreadStone and StoneV5 references in the campaign. "If TreadStone has the same meaning as the Winnti malware, it is only speculation, but StoneV5 could also mean Version 5, and it is possible that the malware used in this attack is Winnti v5.0," the researchers added.
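The initial access vector above was a SQL injection flaw in an ERP application. The following is an added illustration, not code from the LAC report or from the targeted ERP product, of why string-built queries fail and parameter binding holds: it uses a constructed in-memory SQLite user table (the table name, columns, and credentials are all assumptions) and a login check written both ways, then runs the textbook tautology input that every SQL injection test suite uses through each.

```python
import sqlite3


def make_db():
    """Constructed stand-in for an ERP user store (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting: user input becomes SQL syntax."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone()[0] > 0


def login_hardened(conn, username, password):
    """Uses parameter binding: the driver sends values separately from the
    query text, so quotes in the input are data, never SQL syntax."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def demo():
    """Runs a legitimate login and a tautology input through both versions."""
    conn = make_db()
    tautology = "' OR '1'='1"  # classic test-suite payload, constructed here
    return {
        "legit_vulnerable": login_vulnerable(conn, "admin", "correct-horse"),
        "legit_hardened": login_hardened(conn, "admin", "correct-horse"),
        # The formatted query becomes: ... AND password = '' OR '1'='1'
        # so the WHERE clause is true for every row and the check passes.
        "injected_vulnerable": login_vulnerable(conn, "admin", tautology),
        # The bound parameter is compared literally and matches nothing.
        "injected_hardened": login_hardened(conn, "admin", tautology),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The hardened version is the only change a code review needs to ask for; the same binding discipline applies to every driver, and for an ERP platform whose source you cannot change, the corresponding controls are vendor patching, a web application firewall in front of the SQL-facing endpoints, and monitoring for unexpected script files appearing under the web root, since a web shell drop is the next step the report describes.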
