{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreibek7p2qvpoyt6pcmmciwn365amw4st5rtoor2nhh3tjvq5dngjve",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mjnw24fa6nz2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreigxgdahyj4uihh67iof6vgh4fj5r5mnsrdagqupv5n4gwakaw3pwy"
    },
    "mimeType": "image/webp",
    "size": 43846
  },
  "path": "/apt41-targets-linux-cloud-servers-with-new-winnti-backdoor-built-to-steal-credentials/",
  "publishedAt": "2026-04-16T18:31:21.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "APT41 targets Linux cloud servers with new Winnti backdoor built to steal credentials",
    "VPN Central"
  ],
  "textContent": "APT41 is expanding its Linux toolset again, this time with a backdoor built for cloud workloads. Recent reporting says the group deployed a new Winnti-family ELF implant that targets Linux servers running in AWS, Google Cloud, Microsoft Azure, and Alibaba Cloud environments, with the goal of stealing cloud credentials and maintaining quiet access over time. […]\n\nThe post APT41 targets Linux cloud servers with new Winnti backdoor built to steal credentials appeared first on VPN Central.",
  "title": "APT41 targets Linux cloud servers with new Winnti backdoor built to steal credentials"
}