There have been attempts to hack South Korean gaming giant Gravity, the company behind the legendary Ragnarok Online. According to a recent report from cybersecurity firm QuoIntelligence (QuoINT), Gravity was targeted earlier this year by an alleged state-sponsored Chinese hacking group known as Winnti (also known as APT41, BARIUM, Group 72, and Black Fly).
According to the report, published on QuoIntelligence’s website, it isn’t clear whether the group succeeded in infiltrating Gravity’s infrastructure. Winnti is suspected to have been active since 2009 and is known to target companies in multiple fields, including the pharmaceutical, gaming, software development, telecom, and technology industries. QuoINT said they were able to identify which organizations were targeted by Winnti’s attacks by examining the malware’s configuration file.
“In this case, the following string was included within the extracted configuration: 0x1A0: GRAVITY. Based on previous knowledge and targeting of the Winnti Group, we assess that this sample was likely used to target Gravity Co., Ltd., a South Korean video game company.”
• QuoIntelligence Blog, April 20, 2020
The malware used is called the “Winnti Dropper”, a malicious program that infects your PC and becomes a gateway for more malware. QuoINT says the malware appears to have been coded as far back as 2015. Attackers can have a number of motives for hacking a company’s network, but most commonly it is done to steal and sell information, or to steal source code to create a bootleg copy. It can also involve other serious consequences, such as tampering with and destroying infrastructure.
Gravity is just the latest of Winnti’s targets. The group has recently been targeting gaming companies not just in South Korea, but in Taiwan as well. Security experts conclude that the hackers are doing this in their free time, since the attacks have been happening outside working hours.