large-logo-mcafee-dark

Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation Winnti Microsoft SQL

The Winnti threat group, also known as Axiom, targeted Microsoft SQL servers with a backdoor known as "skip-2.0." The malware is capable of copying, modifying or deleting database content and used various techniques to remain persistent and evade detection including DLL search order hijacking, hooking, event log blocking, and software packing.
Name Modified Date Sources
Operation Winnti Microsoft SQL 2019-11-18