Select Page

The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed Operation CuckooBees.

Active since at least 2007, Winnti (aka APT41, Barium, Bronze Atlas, and Wicked Panda) is the name designated to a prolific cyber threat group that carries out Chinese state-sponsored espionage activity, predominantly aimed at stealing technology secrets from organizations in developed economies.

The threat actor’s campaigns have targeted healthcare, telecoms, high-tech, media, agriculture, and education sectors, with infection chains primarily relying on spear-phishing emails with attachments to initially break into the victims’ networks.

Earlier this May, Cybereason disclosed long-running attacks orchestrated by the group since 2019 to siphon intellectual property from technology and manufacturing companies mainly located in East Asia, Western Europe, and North America.

The intrusions, clubbed under the moniker Operation CuckooBees, are estimated to have resulted in the exfiltration of “hundreds of gigabytes of information,” the Israeli cybersecurity company revealed.

images from Hacker News