Pulse: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers
TLP WHITE | Adversary: APT41 | Author: AlienVault | Created: 2018-05-04 | Modified: 2019-11-25 | 516 IOCs
We assess with high confidence that the Winnti umbrella is associated with the Chinese state intelligence apparatus, with at least some elements located in the Xicheng District of Beijing. A number of Chinese state intelligence operations from 2009 to 2018 that were previously unconnected publicly are in fact linked to the Winnti umbrella. We assess with high confidence that multiple publicly reported threat actors operate with some shared goals and resources as part of the Chinese state intelligence apparatus. Report from Tom Hegel of 401TRG. Initial attack targets are commonly software and gaming organizations in the United States, Japan, South Korea, and China. Later-stage, high-profile targets tend to be politically motivated or high-value technology organizations.
Indicators of Compromise (3 / 516 total)
TYPE             INDICATOR                                                          DESCRIPTION  CREATED
FileHash-SHA256  9cf490fb6a40c821f03984bb11f4d7bdadbdc23f67b092a6c17e8a4a1b484ea9               2018-05-04
FileHash-SHA256  a1ad71f50b3ac7f60402677ff07f9c75fdd0259c87bdd4c7df3c8aeaf40af19e               2018-05-04
FileHash-SHA256  016250b7d62e49ba386404cc6db38cb65323d26cf80bc94e2810d5ab9e59fff2               2018-05-04