ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool PipeMon

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: PipeMon

NamesPipeMon
CategoryMalware
TypeBackdoor
Description(ESET) In February 2020, we discovered a new, modular backdoor, which we named PipeMon. Persisting as a Print Processor, it was used by the Winnti Group against several video gaming companies that are based in South Korea and Taiwan and develop MMO (Massively Multiplayer Online) games. Video games developed by these companies are available on popular gaming platforms and have thousands of simultaneous players.

In at least one case, the malware operators compromised a victim’s build system, which could have led to a supply-chain attack, allowing the attackers to trojanize game executables. In another case, the game servers were compromised, which could have allowed the attackers to, for example, manipulate in-game currencies for financial gain.
Information<https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/>

Last change to this tool card: 26 May 2020

Download this tool card in JSON format

All groups using tool PipeMon

ChangedNameCountryObserved

APT groups

 APT 41China2012-Aug 2020 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key