Cyber Threat Report: 'The Operations of Winnti group'

This report from researchers at NTT describes activity which they attribute to the Winnti Group (who they refer to as ENT-1) and identify overlaps with other reporting by ESET and Dr Web. The report describes the group as highly active, with multiple operations which are largely focused on organizations in Asia with victims in countries including Mongolia, Japan, Myanmar, Taiwan, Philippines and Australia. The researchers outline tools used by the group including Acunitix for vulnerability scanning and CobaltStrike for command and control. Custom tooling detailed includes the use of Shadowpad, Spyder and the Winnti backdoor. The report also includes indicators of compromise (IoCs) associated with Winnti Group (ENT-1).