Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign

A new cyber espionage campaign called RevivalStone, targeting Japanese companies in the manufacturing, materials, and energy sectors, has been attributed to Winnti, a China-linked threat actor. The campaign, which overlaps with other Winnti-related threat clusters, leverages a custom toolset to bypass security software, harvest critical information, and establish persistent remote access. The latest attack chain exploited an SQL injection vulnerability to drop web shells and propagate the Winnti malware. References to TreadStone and StoneV5 suggest a possible fifth-generation version of the malware.
