Chinese Hackers Target South Korean Gaming Company Behind "Ragnarok Online" MMORPG

A Chinese state-backed hacking group is likely targeting Gravity, a South Korean gaming company that is behind the popular massively multiplayer online role-playing game (MMORPG) Ragnarok Online, according to a recent report published by security researchers at QuoIntelligence (QuoINT).

It appears that the group behind the attack is Winnti, which is also known as Axiom, BARIUM, BlackFly, Group 72, and APT41. The Winnti group is suspected of having been active since at least 2009 and is mostly known for targeting the pharmaceuticals, aviation, gaming, software development, telecoms, and technology industries.
A malware sample uploaded to a free virus scanner was the source of the revelations made by QuoINT, who said that they were able to identify the targets of the attack by examining the malware's configuration file.

"In this case, the following string was included within the extracted configuration: 0x1A0: GRAVITY," they noted, elaborating that: "Based on previous knowledge and targeting of the Winnti Group, we assess that this sample was likely used to target Gravity Co., Ltd., a South Korean video game company."

The malware itself is described as the "Winnti Dropper," a malicious program that infects the user's computer and proceeds to act as an entry point for other, more potent infections. A sample identical to the one examined by QuoINT was found to be targeting an unnamed German chemical company earlier this year. At the same time, it appears that the malware itself was coded as early as 2015.

According to QuoINT, this is just the latest case in which the Winnti group targets companies in the gaming industry, especially ones that are located in Taiwan and South Korea. This, however, appears to happen outside of working hours, prompting security experts to conclude that this might be something that the hackers do in their free time, and is not connected to the cyber espionage interests of their state-sponsored mandate.

Hacking such companies might be done for a couple of reasons. Many online games nowadays allow for the trading of online resources in exchange for fiat or virtual currencies. Furthermore, hackers can steal the source code and use it to make pirate servers or look for vulnerabilities that would allow them to tamper with the victim's infrastructure.
