Kaspersky Labs says
a group named "Winnti" has been infiltrating the servers of at least 35 games developers and publishers since 2009, stealing their source codes for software piracy and virtual currency.
Kaspersky's researchers estimate that the group has been active for several years and specializes in cyberattacks against the online video game industry. The group?s main objective is to steal source codes for online game projects as well as the digital certificates of legitimate software vendors. In addition, they are very interested in how network infrastructure (including the production of gaming servers) is set up, and new developments such as conceptual ideas, design and more.
The campaign, which began in 2009 and is still active today, had a wide reach because it targeted so-called "massively multiplayer games," which can involve millions of users across different countries, according to Kaspersky.
The victims include South Korea's Neowiz, Mgame Corp, Nexon Corp and privately held U.S.-based Trion Worlds, Kaspersky said.
Kaspersky said it was unclear how much damage the hackers caused in the campaign. Some gaming companies reported malicious software in certain processes that suggested the hackers manipulated virtual currencies -- such as the "gold" that games typically accumulate in online role-playing games.
Kaspersky said the hackers stole digital certificates, which can be used to authenticate software and gain access to computers. There was evidence that some of the digital certificates that Winnti stole were used by other groups.
"We believe that the source of all these stolen certificates could be the same Winnti group. Either this group has close contacts with other Chinese hacker gangs, or it sells the certificates on the black market in China," Kaspersky Lab said.
Kaspersky is still investigating Winnti.