Operation Winnti Microsoft SQL

The Winnti threat group, also known as Axiom, targeted Microsoft SQL servers with a backdoor known as "skip-2.0." The malware is capable of copying, modifying or deleting database content and used various techniques to remain persistent and evade detection including DLL search order hijacking, hooking, event log blocking, and software packing.