Sunday, April 21, 2013

Hacker targeting online gaming companies, Kaspersky


Kaspersky Lab's team of experts recently published a detailed research report that analyzes a sustained cyberespionage campaign conducted by the cybercriminal organization known as 'Winnti'. 

According to Kaspersky Lab's report, the Winnti group has been attacking companies in the online gaming industry since 2009 and is still active. The group's objectives are to steal digital certificates signed by legitimate software vendors and to steal intellectual property, including the source code of online game projects.
A statement issued by the lab said that the first incident that drew attention to the Winnti group's malicious activities occurred in the autumn of 2011, when a malicious Trojan was detected on a large number of end-user computers across the globe. "The clear link between all of the infected computers is that they were used to play a popular online game. Shortly after the incident, details emerged that the malicious programme which had infected the users' computers was part of a regular update from the gaming company's official server. Infected users and members of the gaming community suspected the computer game publisher was installing the malware to spy on its customers. However, it later became clear that the malicious programme was installed on the players' computers by accident, and that the cybercriminals were actually targeting the computer game company itself," the release said. 

Kaspersky Lab's experts began analyzing the Winnti group's campaign and found that more than 30 companies in the online gaming industry had been infected by the Winnti group, with the majority being software development companies producing online video games in South East Asia. 

The Winnti group is still active, and Kaspersky Lab's investigation is ongoing. The company's team of experts has been working with the IT security community, the online gaming industry and certificate authorities to identify additional infected servers while assisting with the revocation of stolen digital certificates.
