Gaming company targeted by Chinese Winnti hackers
Far from pausing operations during the COVID-19 pandemic, China’s notorious Winnti hacking group has been busy launching new attacks on targets, researchers say.
According to an analysis by QuoIntelligence, as recently as February the group’s signature was detected in an attack against Gravity, the South Korean games company behind the long-running Massive Multiplayer Online Role Playing Game (MMORPG) Ragnarok Online.
Winnti (aka APT41, APT10, Blackfly, BARIUM and many others) is an umbrella name for a set of related hacking groups, active since 2009, that earned their notoriety by attempting to compromise thousands of companies in search of intellectual property. Asian games companies have been a recurring speciality.
The main evidence the researchers found was a dropper file (the executable that kicks off a malware infection) rather than the payload itself (the business end of modern malware).
Nevertheless, a look at the configuration file revealed a string that identified Gravity as the intended target.
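The way the researchers spotted the intended victim, a target-identifying string inside the dropper's configuration, is a check any defender can run against a suspicious sample: pull the embedded strings out of the blob and match them against your own organisation's names and domains. The script below is an added illustration, not code from QuoIntelligence or from the article, and it does not model the real Winnti dropper format; the configuration blob, the organisation names and the domain in it are all constructed placeholders.

```python
import re

# Constructed sample configuration blob (NOT the real dropper config): binary
# noise with a target identifier embedded once as ASCII and once as UTF-16LE,
# the two encodings Windows malware most commonly uses for embedded strings.
SAMPLE_CONFIG = (
    b"\x00\x01\x02MZ\x90\x00\x03"
    + b"campaign=ExampleGamesCo\x00"
    + b"\xff\xfe"
    + "srv=update.example-cdn.test".encode("utf-16-le")
    + b"\x00\x00\x7f\x10"
)

MIN_LEN = 4  # same default as the classic `strings` tool


def extract_ascii_strings(data, min_len=MIN_LEN):
    """Return runs of printable ASCII at least min_len bytes long."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def extract_utf16le_strings(data, min_len=MIN_LEN):
    """Return runs of printable characters stored as UTF-16LE (char, 0x00 pairs)."""
    pattern = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    return [m.decode("utf-16-le") for m in re.findall(pattern, data)]


def extract_strings(data, min_len=MIN_LEN):
    """Combine both encodings so a target name hidden in either is seen."""
    return extract_ascii_strings(data, min_len) + extract_utf16le_strings(data, min_len)


def find_target_indicators(strings, watchlist):
    """Case-insensitive substring match of each watchlist term against every string.

    Returns (term, matching_string) pairs so an analyst can see the context
    in which the organisation's name appeared.
    """
    hits = []
    for s in strings:
        for term in watchlist:
            if term.lower() in s.lower():
                hits.append((term, s))
    return hits


def analyse(data, watchlist):
    """Run the full check and return a small report dictionary."""
    strings = extract_strings(data)
    hits = find_target_indicators(strings, watchlist)
    return {"strings": strings, "hits": hits, "targeted": bool(hits)}


if __name__ == "__main__":
    # Hypothetical watchlist: the names and domains a defender would monitor for.
    watchlist = ["ExampleGamesCo", "example-cdn"]
    report = analyse(SAMPLE_CONFIG, watchlist)
    for term, context in report["hits"]:
        print(f"watchlist term {term!r} found in embedded string {context!r}")
    print("targeted:", report["targeted"])
```

The watchlist should hold every name the organisation appears under (brand names, product names, internal hostnames, domains), since attackers label campaigns by whatever identifier is convenient for them rather than the company's legal name.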