Names | PipeMon | |
Category | Malware | |
Type | Backdoor | |
Description | (ESET) In February 2020, we discovered a new, modular backdoor, which we named PipeMon. Persisting as a Print Processor, it was used by the Winnti Group against several video gaming companies that are based in South Korea and Taiwan and develop MMO (Massively Multiplayer Online) games. Video games developed by these companies are available on popular gaming platforms and have thousands of simultaneous players. In at least one case, the malware operators compromised a victim’s build system, which could have led to a supply-chain attack, allowing the attackers to trojanize game executables. In another case, the game servers were compromised, which could have allowed the attackers to, for example, manipulate in-game currencies for financial gain. | |
Information | <https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/> |
Last change to this tool card: 26 May 2020
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
APT groups | |||||
APT 41 | ![]() | 2012-Aug 2020 | ![]() |
1 group listed (1 APT, 0 other, 0 unknown)
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on![]() ![]() |
Report incidents |
|
![]() |
+66 (0)2-123-1234 | |
![]() |
report@thaicert.or.th | |
![]() |
Download PGP key |