On Wednesday, BlackBerry released an analysis to the Black Hat 2020 conference group in which evidence linking five Chinese APT groups was presented. The five groups are allegedly splinters of the Winnti group, which is a supply-chain specialist threat actor group. All five entities were observed by researchers using the same Linux rootkit and backdoor combo, leading experts to believe that they are linked. The Linux backdoor is leveraged by the hackers for espionage and is customizable to specific targets.

Winnti is notorious for high-profile and sophisticated supply-chain attacks targeting victims in the software industry with the goal of spreading trojanized software. According to BlackBerry, the Linux toolset they uncovered was being used in a series of targeted attacks by all five organizations. This ultimately led the research team to find viable links between the five APTs tying them back to Winnti.