An investigation by security vendor ProtectWise has shown that groups operating under the Winnti umbrella since at least 2009 share a common goal, common infrastructure, and often the same tactics, techniques, and procedures. The group is a loosely organized collection of China-based threat actors that are currently being actively supported by intelligence agencies in the nation. Many of the group’s initial attack targets have been software and gaming companies. The groups have shown a proclivity to attack smaller organizations with the intent of finding and stealing code-signing certificates, which they have then signed malware directed against higher-value targets.”]