
The Winnti group failed

Kaspersky Lab's team of experts has released its latest report, which deals with the cyber-espionage actions of the now established Winnti Group. According to Kaspersky experts, the cybercrime group has been threatening the online gambling and game development industry since 2009, and it is still very active today. The group aims to steal digital certificates as well as intellectual property from game developers, including online game source code.

The company has been monitoring the Winnti Group since the fall of 2011, when experts identified a malicious Trojan virus that affected several end users around the world. Experts found a clear link between infected computers and online games. Shortly after the incident, it turned out that the malware was part of an official gambling server that was constantly updated on the victims' computers.

The users involved in the case at the time still believed that the virus had been installed on the machines by a computer game development company in order to spy on customers. However, it was later revealed that the virus was the work of a cyber espionage group called Winnti, whose target was the online computer game development company itself.

The Trojan was found to be a DLL (Dynamic Link Library) compiled for 64-bit Windows that the cybercriminals had signed with a valid digital signature. According to Kaspersky Lab experts, this was the first Trojan program with a valid digital signature written for 64-bit Microsoft Windows 7.

Kaspersky Lab experts examined and analyzed the Winnti Group's initial campaign, which involved more than 30 leading online game development companies in Southeast Asia. In addition, several companies in Germany, the United States, Japan, China, Russia, Brazil, Peru and Belarus were involved in the attack. [Kaspersky]
