According to a new report, Chinese intelligence officers are responsible for a decade’s worth of hacks targeting gaming and software firms across the globe. According to Ars Technica, Gmail and Office 365 attacks are the hackers' most recent. They tried to access sensitive company information through phishing emails. After the attack, security researchers were able to get information on targets and locations.
Unaffiliated and distinct hacker names (GREF, LEAD, Winnti, PassCV, BARIUM and Wicked Panda) were also traced in some of the attacks.
A report by 401TRG, the threat research and analysis team at the security company ProtectWise, tries to prove that all the attacks were linked to Chinese government intelligence, in disguise as "The Winnti Umbrella".
“The Winnti umbrella and linked groups’ initial targets are gaming studios and high tech businesses,” the authors wrote. “They primarily seek code signing certificates and software manipulation, with potential financially motivated secondary objectives. These targets have been identified in the United States, Japan, South Korea, and China.”
“One of the most common tactics used by the Winnti umbrella and related entities is phishing users whose credentials may provide elevated access to a target network,” the researchers explained. “We have observed spear-phishing campaigns that target human resources and hiring managers, IT staff, and internal information security staff, which are generally very effective.”
“The attackers grow and learn to evade detection when possible, but lack operational security when it comes to the reuse of some tooling. Living off the land and adaptability to individual target networks allow them to operate with high rates of success. Though they have at times been sloppy, the Winnti umbrella and its associated entities remain an advanced and potent threat.”