One of China’s largest state-sponsored hacking groups has attempted to breach the internal network of Gravity, the South Korean gaming company behind the popular Ragnarok Online MMORPG (Massively Multiplayer Online Role-Playing Game).
The intrusion attempts are believed to have taken place earlier this year, although it’s unclear whether they were successful.
The attempted attacks came to light today after cyber-security firm QuoIntelligence (QuoINT) published a report on new malware strains it discovered, which it attributed to a Chinese hacker group known as Winnti (aka APT41, BARIUM, Blackfly).
“We were ready to extract the malware’s configuration file and identify the intended target. In this case, the subsequent string was included within the extracted configuration: 0x1A0: GRAVITY,” the company said.
“Based on previous knowledge and targeting of the Winnti Group, we assess that this sample was likely used to target Gravity Co., Ltd., a South Korean computer game company,” QuoINT said.
The malware was described as “the Winnti Dropper,” a kind of malware that is usually the first to infect a victim’s computer and then proceeds to download other malware strains.
A Gravity spokesperson couldn’t be reached for comment before this article’s publication. It’s unclear if the company is aware of the attempted intrusion or if it succeeded.
Winnti has a known history of attacking gaming companies
QuoINT says this attempted intrusion is just the latest in a long line of Winnti attacks aimed at the computer game industry, and particularly at gaming companies operating from South Korea and Taiwan, which the group has frequently targeted.
Such attacks have happened before. In a March 2018 report, Kaspersky said: “the Winnti group has been active for several years and focuses on cyber-attacks against the web computer game industry.”
In May 2019, ESET reported that Winnti managed to breach and backdoor games from at least three Asian gaming companies, including Electronics Extreme’s popular Infestation game.
In August 2019, FireEye published a report detailing the Winnti (APT41) group’s attacks against the gaming industry. According to FireEye’s assessment, the group’s attacks on gaming companies aren’t associated with any cyber-espionage objectives. Instead, FireEye says that Winnti (APT41) members appear to focus on gaming companies outside of working hours, in their free time, hacking for their own personal profit by either stealing or manipulating online gaming currencies.