New research revealed that Winnti has compromised at least 13 organizations across the globe in 2021, using methods such as phishing, watering holes, supply chain attacks, and various SQL injections.  The report provided a list of (mostly) Chinese IP addresses that attackers used to communicate with Cobalt Strike servers.