Targeting of Microsoft Exchange and MySQL servers

Date of report

September 2021

Affiliations

Winnti Umbrella, Grayfly

A Chinese threat actor that had been launching attacks using the novel backdoor technique SideWalk for several months is associated with the Chinese threat actor Winnti Umbrella. The attacks targeted businesses and academic institutions in the United States.

Suspected victims

U.S. universities and media companies

Suspected state sponsor

China

Type of incident

Espionage

Target category

Private sector
Civil society

Grayfly: Chinese Threat Actor Uses Newly-discovered Sidewalk Malware
SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’
US Media, Retailers Targeted by New SparklingGoblin APT

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events