Connecting the dots: Exposing the arsenal and methods of the Winnti Group

New ESET white paper released describing updates to the malware arsenal and campaigns of this group known for its supply-chain attacks

Today, ESET Research releases a white paper updating our understanding of the Winnti Group. Last March, ESET researchers warned about a new supply-chain attack targeting video game developers in Asia. Following that publication, we continued those investigations in two directions. We were interested in finding any subsequent malware stages delivered by that attack, and we also tried to find how the targeted developers and publishers were compromised to deliver the Winnti Group’s malware in their applications.


While we continued that investigation of the Winnti Group, additional reports on their activities were published. Kaspersky released details about the ShadowHammer malware that was found in the Asus Live Update utility. That report also mentioned some of the techniques we describe in detail in this new white paper, such as the existence of a VMProtect packer and a brief description of the PortReuse backdoor. FireEye also published a paper about a group it calls APT41. Our research confirms some of their findings regarding the subsequent stages in some of the supply-chain attacks, such as the use of compromised hosts for mining cryptocurrencies.


Our white paper provides a technical analysis of the recent malware used by the Winnti Group. This analysis further refines our understanding of their techniques and allows us to infer relationships between the different supply-chain incidents.


We hope the white paper and indicators of compromise we release today will help targeted organizations find if th ..