Researchers at Symantec discovered the China-based espionage group Winnti deploying the Spyder Loader malware as part of an ongoing campaign to gather intelligence. The group allegedly sought to steal information from government organizations in Hong Kong. In the recently observed activity, Winnti attackers remained active on some targeted networks for months at a time in order to steal critical data.
The campaign is likely an extension of the previously identified Operation Cuckoobees, according to Symantec. The operation was originally discovered by security researchers at Cuckoobees as part of a massive cyber-espionage campaign targeting companies in North America and Asia. It has been estimated that Winnti has stolen hundreds of gigabytes of data, including trade secrets, blueprints, formulas, diagrams, proprietary documents, and more. The attacks have targeted more than 30 global organizations.