Cyberattacks on government institutions in Hong Kong by the China-linked espionage actor APT41 (also known as Winnti), which compromised them unnoticed for up to a year in certain cases, have been discovered by Symantec researchers.

The threat actor has been employing a piece of customised malware known as Spyder Loader that had previously been linked to the organisation.

The newly detected Hong Kong activity appears to be a component of the same operation, according to Symantec's research, with targets of Winnti being local governments in the special administrative area.

Although Symantec was unable to recover the full malware, it appears that the objective of APT41's most recent effort was to gather intelligence from significant Hong Kong institutions.