Cyber Resilience

Winnti Group · G0044 · state

🇨🇳 CN

aka Winnti Group, Blackfly, APT41, G0096, TA415, Grayfly, LEAD, BARIUM, WICKED SPIDER, WICKED PANDA, BRONZE ATLAS, BRONZE EXPORT, Red Kelpie, G0044, Earth Baku, Amoeba, HOODOO, Brass Typhoon, Winnti, Double Dragon, TG-2633, Leopard Typhoon

Last updated: 2026-07-03

2 attributed CVEs
8 ATT&CK techniques
4.4 IDF score (tooling uniqueness)
0 exclusive CVEs
2017–2021 years active

About this actor

[Winnti Group](https://attack.mitre.org/groups/G0044) is a threat group with Chinese origins that has been active since at least 2010. The group has heavily targeted the gaming industry, but it has also expanded the scope of its targeting.(Citation: Kaspersky Winnti April 2013)(Citation: Kaspersky Winnti June 2015)(Citation: Novetta Winnti April 2015) Some reporting suggests a number of other groups, including [Axiom](https://attack.mitre.org/groups/G0001), [APT17](https://attack.mitre.org/groups/G0025), and [Ke3chang](https://attack.mitre.org/groups/G0004), are closely linked to [Winnti Group](https://attack.mitre.org/groups/G0044).(Citation: 401 TRG Winnti Umbrella May 2018)

Source: MITRE ATT&CK

Profile

| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| CVE-2017-6328 | 5.5 | 8.8 | 0.0214 | 2017-08-11 | see CVE |
| CVE-2020-6789 | 5.5 | 7.8 | 0.0035 | 2021-03-25 | see CVE |

Mitigating controls (NIST 800-53)

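| Control | Techniques covered | Coverage |
|---|---|---|
| CM-2 | 2 / 8 | 25% |
| CM-6 | 2 / 8 | 25% |
| CM-7 | 2 / 8 | 25% |
| SI-4 | 2 / 8 | 25% |
| AC-2 | 1 / 8 | 12% |
| AC-3 | 1 / 8 | 12% |
| AC-4 | 1 / 8 | 12% |
| AC-6 | 1 / 8 | 12% |
| CA-7 | 1 / 8 | 12% |
| CM-10 | 1 / 8 | 12% |
| CM-3 | 1 / 8 | 12% |
| CM-5 | 1 / 8 | 12% |
| CM-8 | 1 / 8 | 12% |
| IA-7 | 1 / 8 | 12% |
| IA-9 | 1 / 8 | 12% |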
