Winnti Group has started a new attack on Hong Kong-based University students. Their malware and trojans are regularly surfacing on the country’s servers near the University proximities. The Winnti Group is one of the most controversial and dreaded hacking groups in the world. According to sources, it has now upgraded its hacking modules and upped its practices to target specific areas.
The evident and specialized regions of targets are the gaming and healthcare sectors. According to these hackers, the most significant security breaches and data-mine can be collected from the industry, as mentioned above of business. Since Asia is the biggest consumer of gaming services, Winnti is now targeting Hong Kong-based servers through Shadowpad malware.
Microsoft SQL Servers, Firefox, Chrome, Linux-based OS are a few in the massive list of breakdowns Winnti Group caused in recent years. The initial detection of Winnti’s attacks was in 2019. ESET’s programs detected ShadowPad malware in November 2019 from servers based in Hong Kong’s Universities. They immediately raised the alarm and alerted the cyber cells in the area who tried to defuse the situation.
According to sources, the Winnti Group took the brute step against these Universities and their students on the agenda. Some civic issues were a precursor to these events. ShadowPad’s staging process and .dll uploading processes are threats enough to cause a massive data breach.
The patching, extracting, and execution process is a complex process that cannot be read minutely by average data security professionals. Such is the expertise of the Winnti Group hackers, the malware’s extent is currently on a big roll.
The Latest ShadowPad Module Is Very Concerning
The latest ShadowPad variant is new and extremely lethal for the modern cyber generation. It has the capacity to corrupt the safest of servers, and there are little firewalls that can do about it. For the time being, the primary target is Hong Kong and some parts of China, but people fear that the extent of this can spread to Japan and South Korea as well.
As of now, South Korean servers are highly secure owing to American support to its industrial network systems. Since the USA’s majority of overseas operation in Asia is regulated through South Korea, the country is keeping a vigilant approach towards malware, and trojan attacks on it’s or its ally’s servers.
The hacks around the University campuses of Hong Kong are suspected to be agitation against an extradition bill, but bureaucrats suspect a bigger story than that.
Source – WeLiveSecurity