Table of Contents
In the beginning was ...
Digital Certificates
Victims
Winnti C&Cs Structure
Known Malware
The commercial interest
Source of attacks
Conclusions
Kaspersky Lab began this ongoing research in the autumn of 2011. The subject is a series of targeted attacks against private companies around the world.
In the course of our research we uncovered the activity of a hacking group which has Chinese origins. This group was named "Winnti".
According to our estimations, this group has been active for several years and specializes in cyberattacks against the online video game industry. The group’s main objective is to steal source codes for online game projects as well as the digital certificates of legitimate software vendors. In addition, they are very interested in how network infrastructure (including the production of gaming servers) is set up, and new developments such as conceptual ideas, design and more.
We weren't the first to focus on this group and investigate their attacks. In 2010 US-based HBGary investigated an information security incident related to the Winnti group at one of HBGary's customers – an American video game company.
read more..........http://www.securelist.com/en/analysis/204792287/Winnti_More_than_just_a_game