
In one of our previous blog entries, we covered how GitHub was being used to spread malware. In this entry, we take a closer look at an individual who we believe might be connected to the threat actor behind the malware.
A careful analysis of the domains this threat actor registered between 2014 and 2015 allowed us to identify a single registrant profile behind several domains that served as C&C servers for a particular malware family employed by the Winnti group. In particular, we gathered details on an individual using the handle Hack520, who we believe is connected to Winnti.