Winnti

Actor Type: Nation State
Attributed to Nation: China
Affiliated Intrusion Sets: Wicked Panda, SparklingGoblin
Associated Threat Actor: Chengdu 404
Associated MITRE ATT&CK Group: Winnti Group (G0044)

Over time, Winnti (also known as Winnti Group) has become an umbrella term which likely covers multiple overlapping threat groups linked to the People's Republic of China (PRC). The name comes from a specific piece of malware dubbed 'Winnti'.

The group has been linked to APT41, Wicked Panda, Wicked Spider, Blackfly and BARIUM. It has been linked to the Chinese company Chengdu 404 by the US government.

The Winnti Group has been reported as an elusive Chinese state-sponsored Advanced Persistent Threat (APT) group. Their activities span cyber espionage and cyber crime, with a focus on stealing sensitive technology-related information.


Winnti Threat Reports


The Operations of Winnti group

This report from researchers at NTT describes activity which they attribute to the Winnti Group (who they refer to as ENT-1) and identify overlaps ...
