Targeting of organizations of strategic interest to the Chinese government
Date of report
  • March 2023
Winnti Umbrella, a Chinese state-sponsored threat actor, is continuing to target organizations of interest to the Chinese government (including government, media, and information technology organizations). The group was using Keyplug, a Linux version of the custom modular backdoor, to gain access to victims’ networks, exfiltrating information in line with espionage operations.
Suspected victims
  • Aviation, automotive, education, government, media, information technology, and religious organizations
Suspected state sponsor
  • China
Type of incident
  • Espionage
Target category
  • Government
  • Civil society
  • Private sector
Victim government reaction
  • Unknown
Policy response