FlagThis

CyberSecurity updates
2025-02-23 12:09:46 Pacfic
info@thehackernews.com (The Hacker News) @ The Hacker News
Winnti Group Targets Japanese Organizations with RevivalStone Malware - 8d
Read more: thehackernews.com

The Winnti Group, a China-based threat actor also known as APT41, is actively targeting Japanese organizations within the manufacturing, materials, and energy sectors. Researchers at LAC's Cyber Emergency Center identified a new campaign dubbed "RevivalStone," which employs an advanced version of the Winnti malware. This updated malware exhibits enhanced capabilities and sophisticated evasion techniques, posing a significant threat to the targeted industries.

This RevivalStone campaign initiates by exploiting SQL injection vulnerabilities in web-facing Enterprise Resource Planning (ERP) systems. Attackers deploy web shells like China Chopper to gain initial access, enabling reconnaissance, credential harvesting, and lateral movement within targeted networks. The updated Winnti malware variant features AES and ChaCha20 encryption, device-specific decryption keys using IP and MAC addresses, a kernel-level rootkit for covert data exfiltration, and code obfuscation to evade endpoint detection and response (EDR) systems.

Original img attribution: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGeWNKFsCurwnUB-hkVoPnr-j1Aihnf5o9wJ5z_uu_Yae13w4_iJM57lx7S9NysrtMbDCpgwEmy6k0ZCYl6SKGMQPQSjyKPbnY5Rma3P6aSqFzn8AJbzMHNdRJ2Upz4IZmR32cfyawvp_mHhGE-RSHrOrutruXpYnZqvuU_39N1oFb8jdMJruuHEeECCMx/s728-rw-e365/hackers.png
ImgSrc: blogger.googleusercontent.com
References:
  • www.lac.co.jp - Researchers from LAC's Cyber Emergency Center analyze the "RevivalStone" campaign operated by China-based threat group Winnti - 9d
  • cyberpress.org - Winnti Hackers Target Japanese Organizations with Advanced Malware - 9d
  • Talkback Resources - The content provides an in-depth analysis of the Winnti Group's activities, including the RevivalStone campaign, tools used such as WinntiWebShell and China Chopper, and techniques like AES encryption - 8d
  • @VirusBulletin - Researchers from LAC's Cyber ​​Emergency Center analyse the "RevivalStone" campaign operated by China-based threat group Winnti - 8d
  • Security Affairs - SecurityAffairs: China-linked APT group Winnti targets Japanese organizations since March 2024 - 4d
  • The Hacker News - Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign - 3d
  • Talkback Resources - China-linked APT group Winnti targeted Japanese organizations - 3d
  • Talkback Resources - Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign - 3d
  • SCM feed for Threat Management - Winnti attacks set sights on Japan - 3d

Classification:

This site is an experimental news aggregator using feeds I personally follow. You can provide me feedback using this form or using Bluesky.