Hackers compromised Hong Kong govt agency network for a year
2022-10-18 10:00

Researchers at Symantec have uncovered cyberattacks attributed to the China-linked espionage actor APT41 that breached government agencies in Hong Kong and remained undetected for a year in some cases.

Symantec's report notes that there are signs that the newly discovered Hong Kong activity is part of the same operation, and Winnti's targets are government agencies in the special administrative region.

Symantec's report indicates that the hackers continue to evolve the malware, deploying several variants on the targets, all with the same functions.

Symantec analysts also observed the deployment of the Mimikatz password extractor in the latest campaigns, allowing the threat actor to burrow deeper into the victim network.

Although Symantec couldn't retrieve the final payload, it appears that the goal in APT41's latest campaign was to collect intelligence from key entities in Hong Kong.

Symantec expects Winnti to continue to evolve its malware toolkit and introduce new payloads, as well as add more layers of obfuscation where possible.


News URL

https://www.bleepingcomputer.com/news/security/hackers-compromised-hong-kong-govt-agency-network-for-a-year/