Kaspersky reports servers attacked by Winnti Group

Kaspersky Lab  experts have reported that Chinese  hackers organization "Winnti" have allegedly attacked the  servers of at least 35 game developers,  publishers and online video gaming companies mostly in East Asia including South Korea, but also in Germany, the United States, Japan, China, Russia, Brazil, Peru, and Belarus.

As per the lab experts, the hackers have attempted to steal proprietary software code, possibly to develop pirated versions of online games, or to steal in-game currency that can be converted into real money.

Kurt Baumgartner, Senior Security Researcher, Kaspersky Lab said, "We could not verify, but one obvious possibility would be to manipulate (the) internal state of the game to the advantage of the attackers."
He said that the hackers stole digital certificates, which can be used to authenticate software and gain access to computers. The Kaspersky Lab researchers have also given evidence that some of the digital certificates that Winnti stole were used by other groups with different agendas. The certificates were used to spy on the computers of Tibetan and Uyghur activists.

"We believe that the source of all these stolen certificates could be the same Winnti group. Either this group has close contacts with other Chinese hacker gangs, or it sells the certificates on the black market in China," Kaspersky Lab said.

The malware was traced to a downloaded update from the unidentified game publisher's servers. Kaspersky found that the attackers had managed to install a Trojan on the company's servers.