12 April 2013 - 06:38 AMT

Kaspersky Labs uncovers active cybercrime ring

Kaspersky Labs has uncovered an active cybercrime ring that has been infiltrating the servers of many games developers and publishers for the past four years, seeking source code for the development of pirated games and stealing virtual currency.

ZDNet reports that, according to its blog post on Thursday, April 11, Kaspersky identified a group named "Winnti" as responsible for breaking into the servers of at least 35 games developers and publishers since 2009. The evidence it had uncovered suggested the cybercriminals were looking to steal proprietary source code, possibly to develop pirated versions of the games, or to steal virtual currency which can be converted into real money, it said.

Most of the victims were located in Asia, especially the Southeast Asia region and also in Japan, China and South Korea. However, companies in Germany, the United States, Russia, Brazil, Peru and Belarus have also been hit, it said.

The attacks are still ongoing, targeting "massively multiplayer games" which involve millions of users across different countries. Kaspersky Labs will continue investigating Winnti, it noted.

According to ZDNet, the security company acknowledged it does not have a clear picture of how much damage the cybercriminal group has caused, as it had not been given full access to all the infected servers. However, some games companies have reported malicious software in processes, which suggests the hackers had manipulated virtual currencies, the blog post noted.

The group also stole digital certificates, which it then used in later attacks. For example, in an attack against South Korean social network Cyworld and Nate in 2011, the attackers used a Trojan which was digitally signed using a certificate from video games company YNK Japan, it said.

Kaspersky also shed light on the origins of Winnti. It said: "We believe the source of all these stolen certificates could be the same Winnti group. Either this group has close contacts with other Chinese hacker gangs, or it sells the certificates on the black market in China."