SecurityWeek

Hackers Targeting Gaming Firms Linked to Attack on Orphans

Kaspersky Lab has discovered a link between the Chinese hackers blamed for a series of attacks against gaming companies, and an ongoing watering hole attack on a site dedicated to providing support for Tibetan refugee children.

According to Kaspersky’s research, the attackers have compromised the NGO Tibetan Homes Foundation’s website and are using a Flash exploit that isn’t all that old, leaving those without the latest patches from Adobe exposed. The link between the two attacks comes from the stolen certificates used to sign the malware delivered by the exploit.

“So, what we have is an active watering hole campaign implementing a fairly new Flash exploit and abusing digital certificates that were stolen as a part of the ongoing Winnti targeted attack campaigns on game developers and publishers,” Kaspersky’s Kurt Baumgartner noted.

As mentioned, on Wednesday Kaspersky unveiled its analysis of a series of targeted attacks that hit numerous online gaming companies around the world.

According to Kaspersky, the attackers were looking to gain access to source code and legitimate digital certificates from software makers. If successful, the attackers could compromise gaming platforms and, in some cases, manipulate in-game currency that players can convert into real-world money.

The hacking group behind the attacks, which Kaspersky calls the Winnti group, is alleged to have Chinese origins. The name is tied to the label Symantec gave the malicious payloads used in the attacks.

Kaspersky Lab found more than 35 gaming companies that had been infected as a result of the Winnti attacks. While most were online video game makers from East Asia, other firms in Germany, the United States, Japan, China, Russia, Brazil, Peru, and Belarus were hit, Kaspersky said.
