Operation PortReuse

The Winnti Group targeted an unnamed hardware and software company in Asia with the PortReuse malware. The backdoor sits passively on the network waiting on a magic packet from the actor to trigger malicious code. The components of the modular malware are separate processes that communicate using named pipes.