20 Aug 2020 White Paper

Winnti: More than Just Windows and Gates

Download Now

To download this white paper you’ll need an Infosecurity Magazine account. Log in or sign up below.

Log In

Email Address

Password Forgotten your password?

Sign Up

Get up-to-the-minute news and opinions, plus access to a wide assortment of Information Security resources that will keep you current and informed.

Name

Email Address

Please send me your eNewsletter

Company Name

Country

Nickname This will be used to identify you if you take part in our online comments.

Password Your password should be at least six characters long. It is case sensitive. Passwords can only consist of alphanumeric characters or ~!@#$%^&*()_-+=?.

For more information explaining how we use your information please see our privacy policy.

By registering you agree with our terms and conditions.

The Winnti malware family was first reported in 2013 by Kaspersky Lab. Since then, threat actors leveraging Winnti malware have victimized a diverse set of targets for varied motivations.

The underlying hypothesis is that the malware itself may be shared (or sold) across a small group of actors. In April 2019, reports emerged of an intrusion involving Winnti malware at a German Pharmaceutical company.

Following these reports, Chronicle researchers doubled down on efforts to try to unravel the various campaigns where Winnti was leveraged. Analysis of these larger convoluted clusters is ongoing.

While reviewing a 2015 report of a Winnti intrusion at a Vietnamese gaming company, Chronicle identified a small cluster of Winnti samples designed specifically for Linux.

This white paper is a technical analysis of this variant.

Brought to You by

Should you download this whitepaper your information will be shared with the sponsor indicated above. See our privacy policy for more information.