Targeting of organizations of strategic interest to the Chinese government

Date of report

March 2023

Affiliations

WInnti Umbrella

Winnti Umbrella, a Chinese state-sponsored threat actor, is continuing to target organizations of interest to the Chinese government (including government, media, and information technology organizations). The group was using Keyplug, a Linux version of the custom modular backdoor, to gain access to victims’ networks, exfiltrating information in line with espionage operations.

Suspected victims

Aviation, automotive, education, government, media, information technology, and religious organizations

Suspected state sponsor

China

Type of incident

Espionage

Target category

Government
Civil society
Private sector

Victim government reaction

Unknown

Policy response

Unknown

With KeyPlug, China’s RedGolf spies on and steals from a wide field of targets
Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events