Rising Tactics of Winnti Hackers Include Deploying Glutton PHP Backdoors

 

In the past few months, researchers at a Chinese cybersecurity firm discovered an advanced PHP backdoor that supports Winnti, a group linked to Chinese cybercrime that is launching increasingly sophisticated attacks.

The researchers examined the use of the PHP-based backdoor, called Glutton, which cyber criminals have used in attacks targeting China, Japan, the Republic of Korea, Cambodia, Pakistan, and South Africa.

As early as late April 2024, the Chinese nation-state group set up by Winnti (aka APT41), which has roots in North Korea, discovered malicious activity in a network from the Chinese nation-state group Chongqing Henchmen.

The company also disclosed that its investigation revealed that Glutton’s creators deliberately targeted systems within the cybercrime market with their tools to create malware. They poisoned operations, intending to turn cybercriminals’ tools against them, similar to the classic scenario from the movie.

The Winnti hacking group, sometimes referred to as APT41, is a notorious state-sponsored group known for conducting cyber espionage and financial fraud campaigns on be

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents