Kaspersky Lab has uncovered a Chinese hacking ring that has been breaching the security of and stealing source code and other material from various online games in East Asia, South Korea, Germany, the US, Japan, China, Russia, Brazil, Peru, and Belarus. The security researchers at the company say that this Chinese hacking ring broke into the servers of dozens of online video gaming companies and stole from them over a four year period. Kapersky has called the group "Winnti" and claims that it has infiltrated the servers of at least 35 game developers and publishers including Neowiz, Mgame, Nexon, and US-based Trion Worlds. This cybercrime spree has been going on since 2009.
Kaspersky did not know how much damage the hackers caused their targets because the security firm couldn't get full access to all the infected servers. Some game operators reported malicious software in certain processes that indicate that hackers were manipulating virtual currencies.
"We could not verify, but one obvious possibility would be to manipulate [the] internal state of the game to the advantage of the attackers," said Kaspersky Lab's senior security researcher, Kurt Baumgartner.
Baumgartner added that hackers stole digital certificates, which were then used to authenticate software and gain access to computers. There was evidence that some of the digital certificates that Winnti stole were used by other groups with different agendas.
"We believe that the source of all these stolen certificates could be the same Winnti group. Either this group has close contacts with other Chinese hacker gangs, or it sells the certificates on the black market in China," Kaspersky Lab said.
Kaspersky's investigation into the hacking ring is ongoing.