Hackers have recently attacked several developers of Massively Multiplayer Online (MMO) games, using advanced malware that enables them to steal in-game currencies and push malware-tainted apps to other victims.
Winnti's Attacks
According to a report by Ars Technica, the hackers belong to a prolific hacking group known as Winnti, which has been around since 2012.
Researchers from ESET, a Slovakian security company, said that the group has been behind some of the most advanced cyberattacks, with targets including Chinese journalists, Thailand's government, Tibetan and Uyghur activists, as well as different technology organizations.
According to the report, the group was behind the most recent attack wherein it compromised the CCleaner distribution platform, which affected millions of people but caused a malware outbreak only to gain access to companies like Intel, Sony, and Samsung, among others.
In addition, Winnti was also behind a massive 2010 hack that stole sensitive data from various companies, including Google.
Before the most recent attack, the group had also hacked other gaming companies, including Nfinity Games in 2018 with a supply-chain attack. The researchers believe the group attacks software and game developers, as well as Internet services, so that it can use the stolen data to improve its attacks on its ultimate targets.
Attacking MMO Game Developers
Now, the group is attacking MMO game developers from South Korea and Taiwan with a never-before-seen backdoor that ESET dubbed PipeMon, which persists as a Print Processor, according to the security company.
The backdoor was dubbed PipeMon because of the multiple pipes the attackers use for one module to communicate with another, and because of the Microsoft Visual Studio project name that the developers used.
There are apparently two types of attacks.
In one of the cases, the hackers compromised their victim's build system, which could have led to a supply-chain attack and would have allowed the malware operators to trojanize game executables.
In another, the attackers compromised the actual game servers, which could allow them to manipulate the game's currencies for financial gain.
Limited Details on the Attack
Nevertheless, the security company revealed little about the recent attack or the companies that were attacked, but it did disclose that it has no evidence that either of the outcomes happened.
They only disclosed that the victims' games are available on popular platforms and are being played simultaneously by thousands of players.
There are several MMO game developers in both South Korea and Taiwan, and there is no word on whether the Winnti group was able to attack the software builds and the game servers.
Because of that, end users have no idea whether they have been affected by the attack, but it should not be ruled out, given Winnti's advanced skills.
When it comes to the group's name, the researchers have this to say: "We have chosen to keep the name 'Winnti Group' since it's the name first used to identify it, in 2013, by Kaspersky. Since Winnti is also a malware family, we always write 'Winnti Group' when we refer to the malefactors behind the attacks. Since 2013, it has been demonstrated that Winnti is only one of the many malware families used by the Winnti Group."