More about the Winnti group, its tactics, techniques, procedures and tools
Winnti hunts for intellectual property belonging to gaming companies, such as source code and internal systems design.
Our research revealed that the attackers used the Chinese language in the code of the malware, used Chinese locales on their Windows servers, and have been using a number of IP addresses in China. There are a number of other indicators, such as nicknames, timezones and more, showing that the attackers are located in the People's Republic of China.
Winnti is a hacking group known for a series of targeted attacks against private companies around the world, namely gaming companies. The group’s main objective is to steal source code for online gaming projects, as well as the digital certificates of legitimate software vendors. The malware used is distributed via a regular update from a game’s official update server. The group later evolved to target the pharmaceutical industry as well.