X-Industry

Winos4.0 in Taiwan

Posted by Bill Schenkelberg on March 6, 2025 at 12:00pm

In January 2025, our friends at FortiGuard Labs observed an attack that used Winos4.0, an advanced malware framework actively used in recent threat campaigns, to target companies in Taiwan. Figure 1 shows an example of the attack chain. Usually, there is a loader that is only used to load the malicious DLL file, and the Winos4.0 module is extracted from the shellcode downloaded from its C2 server.

Link to full report: IR-25-063-002_Winos.pdf

ir-24-063-002, winos40, malware, taiwan, china, national taxation bureau

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!

#xg { position:relative;top:120px; } #xn_bar { top:120px; }

Hello, you need to enable JavaScript to use Red Sky Alliance.

Please check your browser settings or contact your system administrator.

Comments