Winnti Umbrella, a Chinese state-sponsored threat actor, is continuing to target organizations of interest to the Chinese government (including government, media, and information technology organizations). The group was using Keyplug, a Linux version of the custom modular backdoor, to gain access to victims’ networks, exfiltrating information in line with espionage operations.
- Aviation, automotive, education, government, media, information technology, and religious organizations
Suspected state sponsor
Type of incident
- Civil society
- Private sector