Hong Kong government organisations’ networks compromised for a year

Symantec has discovered year-long China-linked cyberattacks by the espionage actor known as Winnti, which has been compromising government institutions in Hong Kong. The full malware has not yet been recovered, but the group’s most recent targets are local governments in the special administrative area.

Cyberattacks on government institutions in Hong Kong by the China-linked espionage actor APT41 (also known as Winnti), which compromised them unnoticed for up to a year in certain cases, have been discovered by Symantec researchers.

The threat actor has been employing a piece of customised malware known as Spyder Loader, which had previously been linked to the group.

According to Symantec’s research, the newly detected Hong Kong activity appears to be a component of the same operation, with Winnti targeting local governments in the special administrative area.

Although Symantec was unable to recover the full malware, it appears that the objective of APT41’s most recent effort was to gather intelligence from significant Hong Kong institutions.