Winnti Hackers Attacking Japanese Organizations With New Malware

The China-based Winnti Group has targeted Japanese organizations in a recent cyberattack campaign known as “RevivalStone,” in the manufacturing, materials, and energy sectors. With the increasing sophistication of such threats, organizations must stay proactive, employing cutting-edge security measures to detect, mitigate, and prevent these targeted cyber intrusions. The Winnti Group, known for its involvement in both cybercrime and espionage, has been linked to APT41, a subgroup with ties to private contractors operating on behalf of the Chinese government. It receives POST requests with specific parameters, enabling various attack activities on the target host, ultimately leading to the deployment of Winnti malware. While the Winnti Group initially focused on the gaming industry around 2010 but has since expanded its targets to organizations handling intellectual property across various fields. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. This loader decrypts DAT files to initiate the Winnti RAT, which in turn deploys the Winnti Rootkit using the amonitor.sys installer, ensuring deep system infiltration and persistence. The Winnti Group’s reliance on advanced malware and WebShells shows the critical need for strong cybersecurity defenses. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. This campaign, confirmed in March 2024, utilizes a new version of the Winnti malware with enhanced capabilities. The RevivalStone campaign begins with an SQL injection vulnerability exploit in the target organization’s ERP system, allowing the attackers to deploy a WebShell. The Winnti Loader is designed to evade detection by copying legitimate DLLs to the System32 folder and loading them dynamically. The attackers then deploy Winnti malware as a foothold for further attacks. Tushar is a Cyber security content editor with a passion for creating captivating and informative content.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 13 Feb 2025 13:45:24 +0000

Cyber News related to Winnti Hackers Attacking Japanese Organizations With New Malware

Winnti Hackers Attacking Japanese Organizations With New Malware - The China-based Winnti Group has targeted Japanese organizations in a recent cyberattack campaign known as “RevivalStone,” in the manufacturing, materials, and energy sectors. With the increasing sophistication of such threats, ...
3 hours ago Cybersecuritynews.com

PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
1 year ago Securityintelligence.com

Microsoft: Iranian hackers target researchers with new MediaPl malware - Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. The attackers, a ...
1 year ago Bleepingcomputer.com

Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
7 months ago Pandasecurity.com

Optimizing Cybersecurity: How Hackers Use Golang Source Code Interpreter to Evade Detection - Hackers have been upping the stakes when it comes to executing cyberattacks, and an increasingly popular tool in their arsenal is the Golang source code interpreter. Reportedly, the interpreter is used to obfuscate code, thus making it harder for ...
2 years ago Bleepingcomputer.com

Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
9 months ago Cybersecurity-insiders.com

Latest Cyber News

How Public & Private Sectors Can Better Align Cyber Defense - 4 hours ago
APT43 Hackers Attacking Academic Institutions With Exposed Credentials - 53 minutes ago
An Italian journalist speaks about being targeted with Paragon spyware | The Record from Recorded Future News - 1 hour ago
CVE-2025-25901 - 1 hour ago
CVE-2025-24904 - 1 hour ago
CVE-2025-25355 - 1 hour ago
CVE-2024-12011 - 1 hour ago
ANYRUN Safebrowsing Extension - Analyse Any Malicious URL for Free - 1 hour ago
CVE-2025-0426 - 2 hours ago
Munich Cyber Security and Security Conferences 2025 [Live Updates] | The Record from Recorded Future News - 2 hours ago
Chinese espionage tools deployed in RA World ransomware attack - 2 hours ago
CVE-2025-26580 - 3 hours ago
CVE-2025-26582 - 3 hours ago
CVE-2025-26569 - 3 hours ago
CVE-2025-26570 - 3 hours ago
CVE-2025-26571 - 3 hours ago
CVE-2025-26572 - 3 hours ago
CVE-2025-26574 - 3 hours ago
CVE-2025-26577 - 3 hours ago
CVE-2025-26578 - 3 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2025-0995 - 1 day ago
CVE-2025-0996 - 1 day ago
CVE-2025-0997 - 1 day ago
CVE-2025-0998 - 1 day ago
CVE-2025-24528 - 1 day ago
CVE-2024-11343 - 1 day ago
CVE-2024-12629 - 1 day ago
CVE-2024-9870 - 1 day ago
CVE-2025-0332 - 1 day ago
CVE-2025-0516 - 1 day ago
CVE-2025-1208 - 1 day ago
CVE-2025-25349 - 1 day ago
CVE-2025-25351 - 1 day ago
CVE-2025-0112 - 1 day ago
CVE-2024-11628 - 1 day ago
CVE-2024-11629 - 1 day ago
CVE-2025-0919 - 1 day ago
CVE-2025-0925 - 1 day ago
CVE-2025-1209 - 1 day ago
CVE-2025-1210 - 1 day ago