The majority of the victims are from South East Asia. However, online gaming companies located in Germany, the USA, Japan, China, Russia, Brazil, Peru, and Belarus were also identified as victims of the Winnti group.
Social engineering
Data theft
Winnti hunts for intellectual property belonging to gaming companies, such as source code and internal systems design.
The malware has been known to steal digital certificates used by gaming companies, which allows the attackers to distribute malicious software signed by trusted entities.
The first malicious program on a 64-bit version of Microsoft Windows 7 that had a valid digital signature.
Having infected gaming companies that do business in the MMORPG space, the attackers potentially get access to millions of users.
Software companies
Our research revealed that the attackers used the Chinese language in the code of the malware; they used Chinese locales in their Windows servers and they have been using a number of IP addresses in China. There are a number of other indicators, such as nicknames, timezones and more showing that the attackers are located in the People's Republic of China.
The blog post and research paper are available at Securelist.com