Threat Intelligence Report

Zero-detection, three-domain hijacking, and a cloud credential harvester. An inside look at the APT41 Winnti ELF backdoor.

📅 April 19, 2026 📰 www.ctfiot.com 🔍 0 CVE(s) referenced

A highly sophisticated, virtually undetectable Winnti ELF backdoor linked to APT41 is targeting cloud environments by abusing lookalike Chinese tech domains and stealthy C2 channels to steal cloud credentials and enable broad lateral movement across compromised infrastructures.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle