The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed Operation CuckooBees.
Winnti, also known as APT41, Barium, Bronze Atlas, and Wicked Panda, is a well-known cyber threat group that has been active at least since 2007. It is primarily focused on stealing technology secrets from businesses in developed economies. Campaigns by the threat actor have primarily used spear-phishing emails with attachments to gain access to victims’ networks.
These emails have been used to target the healthcare, telecoms, high-tech, media, agriculture, and education sectors.