Summary: The Winnti threat actor has been connected to the RevivalStone campaign, which targeted Japanese companies in the manufacturing and energy sectors in March 2024 and used advanced malware techniques for cyber espionage. The campaign is associated with APT41, a group known for stealthy, methodical intrusions that exploit vulnerabilities in exposed systems to gain persistent access. Recent findings indicate the group is continuously evolving its malware to bypass security controls and expand its espionage activities.
Affected: Japanese manufacturing and energy sectors, including managed service providers
Keypoints:
- RevivalStone campaign attributed to Winnti targeting Japan in March 2024.
- Exploitation of SQL injection vulnerabilities to drop advanced malware such as China Chopper and Behinder.
- Abuse of managed service provider infrastructure to spread malware across multiple organizations.
- New Winnti malware includes improved obfuscation and evasion features, indicating ongoing development and growing sophistication.
Source: https://thehackernews.com/2025/02/winnti-apt41-targets-japanese-firms-in.html