Winnti

  • First known sample

    2009
  • Discovery

    2012
  • Number of targets

    1-100
  • Current status

    Active
  • Type

    Trojan
  • Targeted platforms

    Windows
  • TOP targeted countries

    Belarus, Brazil, CIS, Germany, Japan, Peru, Russia, South East Asia, Ukraine
  • The way of propagation

    Social engineering
  • Purpose/Functions

    Data theft, Data wiping
  • Special features
    Winnti hunts for intellectual property belonging to gaming companies, such as source code and internal systems design.
  • Targets

    Software companies
  • Artefacts/Attribution
    Our research revealed that the attackers used the Chinese language in the code of the malware, used Chinese locales on their Windows servers, and have been using a number of IP addresses in China. A number of other indicators, such as nicknames, timezones and more, show that the attackers are located in the People's Republic of China.
  • Description

    A hacking group known for a series of targeted attacks against private companies around the world, namely gaming companies. The group’s main objective is to steal source code for online gaming projects, as well as the digital certificates of legitimate software vendors. The malware used is distributed via a regular update from a game’s official update server. The group later evolved to target the pharmaceutical industry as well.
