In one of our previous blog entries, we covered how the threat actor known as Winnti was using GitHub to spread malware – a development that shows how the group is starting to evolve and use new attack methods beyond their previous tactics involving targeted attacks against gaming, pharmaceutical, and telecommunications companies. Through this entry, in which we take a closer look at an individual who we believe might be connected to the Winnti group,