Security researchers from Alphabet’s cybersecurity firm Chronicle have discovered a Linux version of the Winnti malware while investigating a recent cyberattack carried out against the pharmaceutical giant Bayer.
According to the researchers, the code in the Linux variant resembles the Winnti 2.0 Windows version, which Chinese cybercriminals have used for the past decade to launch attacks on systems worldwide.
Security experts believe that several Advanced Persistent Threat (APT) groups operate under the Winnti umbrella, including Winnti, Wicked Panda, ShadowPad, DeputyDog, APT17, PassCV and others.