Chinese state-sponsored threat operation RedGolf which has overlaps with Winnti, also known as APT41, Wicked Panda, Bronze Atlas, and Barium has been targeting Windows and Linux systems with the new custom KEYPLUG backdoor, which was first reported by Mandiant to be used in attacks against various U.S. state government networks from May 2021 to February 2022, according to The Hacker News.
Article Link: Windows, Linux systems subjected to Chinese state-backed cyberattacks | SC Media