Kaspersky Lab has discovered a link between the Chinese hackers blamed for a series of attacks against gaming companies and an ongoing watering hole attack on a site dedicated to providing support for Tibetan refugee children.
According to Kaspersky’s research, the attackers have compromised the NGO Tibetan Homes Foundation’s website and are using a Flash exploit that isn’t all that old, leaving those without the latest patches from Adobe exposed. The link between the two attacks comes from stolen certificates used to sign the malware delivered by the exploit.
“So, what we have is an active watering hole campaign implementing a fairly new Flash exploit and abusing digital certificates that were stolen as a part of the ongoing Winnti targeted attack campaigns on game developers and publishers,” Kaspersky’s Kurt Baumgartner noted.
As mentioned, on Wednesday Kaspersky unveiled its analysis of a series of targeted attacks that hit numerous online gaming companies around the world.
According to Kaspersky, the attackers were looking to gain access to source code and legitimate digital certificates from software makers. If successful, the attackers could compromise gaming platforms and, in some cases, manipulate in-game currency that players can convert into real-world money.
The hacking group behind the attacks, which Kaspersky calls the Winnti group, is alleged to have Chinese origins. The name is tied to the label Symantec gave the malicious payloads used in the attacks.
Kaspersky Lab found more than 35 gaming companies that had been infected as a result of the Winnti attacks. While most were online video game makers from East Asia, other firms in Germany, the United States, Japan, China, Russia, Brazil, Peru, and Belarus were hit, Kaspersky said.