State-backed groups are often dictated to target other nations’ corporates and government agencies, to steal their secrets and be proactive. While this being their major purpose, they may hack few companies outside of their list just because of their interest. A lastest discovery by a cybersecurity firm reveals a potential attack on Gravity, the company behind a popular game called Ragnarok Online. This was targeted against Gravity earlier this year, but it’s yet unknown how far the hack was successful or even tried!

Unclear of the intrusion yet!

Ragnarok Online is a famous Massive Multiplayer Online Role-Playing Game (MMORPG) game produced by Gravity. The South Korean game maker was found on the targeted list of a Chinese state-backed hacking group called Winnti (APT 41). While state-backed hackers are primarily dedicated to following the nation’s command, they often try sidetracks like targeting gaming companies on their personal interests like stealing the in-game money.

Ragnarok Online MMORPG
Ragnarok Online MMORPG

Winnti has a long track record of targeting online gaming companies. And this group is now found to be steering towards Gravity. A cybersecurity firm called QuoIntelligence (QuoINT) was able to extract the Winnti malware’s configuration file and found the intended target. When dug into the configurations, they found a string mentioned as “0x1A0: GRAVITY.” This is how Winnti marks its targets, as per past records.

While these initial investigations reveal the possible target, it’s unclear whether the Gravity is aware of it. The intrusion was believed to happen earlier this year, but there’s no news of it yet. A reach out by ZDNet has no response from Gravity yet, so we cannot confirm there’s an attack already. But, Gravity is potentially targeted for the hackers as per code configurations discovered.

Winnti is a dropper malware that infects the system and acts as a backdoor for procuring more droppers later. It’s sophisticated enough to remain in the infected system for years by evading detections. There is a number of attacks recorded by FireEye, ESET, and Kaspersky earlier.

Via: ZDNet


Please enter your comment!
Please enter your name here