Tracking malware and attack expansion: a hacker group’s journey across Asia

Intel Name: Tracking malware and attack expansion: a hacker group’s journey across Asia

Date of Scan: October 29, 2025

Impact: Medium

Summary:
In January 2025, Labs identified a series of Winos 4.0 attacks targeting users in Taiwan. By February, it became evident that the threat actor had transitioned to new malware families and broadened their operations. What initially appeared to be isolated incidents turned out to be part of a larger campaign that began in Mainland China before spreading to Taiwan, then Japan, and most recently Malaysia. The campaign primarily used phishing emails containing PDF attachments with embedded malicious links. These PDFs impersonated official Ministry of Finance documents and included multiple links—one of which delivered the Winos 4.0 malware.
