In January 2025, FortiGuard Labs observed Winos 4.0 attacks targeting users in Taiwan. In February, it became clear the actor had changed malware families and expanded operations. What first appeared isolated was part of a broader campaign that shifted from China to Taiwan, then Japan, and most recently Malaysia.
This article examines the methodologies employed to identify strategic connections between their campaigns, revealing how seemingly unrelated attacks are linked through shared infrastructure, code patterns, and operational tactics.
Link to the full report: IR-25-293-002_Fortinet.pdf
Comments