The China-aligned, espionage-focused threat actor known as Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed Operation CuckooBees.
Active since at least 2007, Winnti (aka APT41, Barium, Bronze Atlas, and Wicked Panda) is the name given to a prolific cyber threat group that carries out Chinese state-sponsored espionage activity, predominantly aimed at stealing technology secrets from organizations in developed economies.
The threat actor’s campaigns have targeted the healthcare, telecoms, high-tech, media, agriculture, and education sectors, with infection chains that primarily rely on spear-phishing emails carrying attachments to gain an initial foothold in the victims’ networks.
Earlier this May, Cybereason disclosed long-running attacks orchestrated by the group since 2019 to siphon intellectual property from technology and manufacturing companies mainly located in East Asia, Western Europe, and North America.
As a further sign of Winnti’s sophistication, Malwarebytes uncovered a separate set of attacks targeting government entities in Sri Lanka in early August that used a new backdoor referred to as DBoxAgent, which leverages Dropbox for command-and-control.