News of game-related hacks are nothing new; they have dominated headlines in recent years, from the massive Sony PlayStation Network takedown to the more recent hack of The War Z.
Attacks on gaming firms might not be isolated incidents, however. Researchers at Kaspersky Lab have said they uncovered a series of targeted attacks originating in China that are taking aim at web-based gaming companies.
According to our estimations, this group has been active for several years and specializes in cyber attacks against the online video game industry, Kaspersky said in a blog post. The groups main objective is to steal source codes for online game projects as well as the digital certificates of legitimate software vendors. In addition, they are very interested in how network infrastructure (including the production of gaming servers) is set up, and new developments such as conceptual ideas, design and more.
Kaspersky started investigating the group – known as Winnti – in the autumn of 2011 at a behest of a computer game publisher that detected malware on its network. The malware was pushed out to users via a standard update, prompting concern that the company was spying on its users.
However, it later became clear that the malicious program ended up on the users computers by mistake: the cybercriminals were in fact targeting the companies that develop and release computer games, Kaspersky said.
Once installed on someones computer, the hackers could control that machine without the users knowledge. The malware was the first time we saw Trojan applications for the 64-bit version of Microsoft Windows with a valid digital signature, Kaspersky said. Previous incidents of digital signature abuse had only hit 32-bit systems.
The digital certificate in question belonged to South Korea-based KOG, which also produced MMO games, like Kasperskys client. Ultimately, the certificate was revoked, but over the next 18 months we discovered more than a dozen similar compromised digital certificates.
Kaspersky said that its research suggests that at least 35 companies from around the world have been infected by Winnti malware at some point in time, with a strong focus on Southeast Asia (see map, top).
Like to keep abreast of the latest developments in the murky, fast-paced world of online security? ITProPortals resident security expert Will Dalton recently analysed the ransomware trend, identifying it as one of 2013s biggest digital threats – and most lucrative cyber crime money spinners.
Published under license from Ziff Davis, Inc., New York, All rights reserved.
Copyright copy; 2012-2013 Ziff Davis, Inc