Researchers at Kaspersky Lab have uncovered an advanced persistent threat (APT) attack targeting video games companies.
Known as Winnti, the malware is believed to be the work of a Chinese group intent on lifting source code and other intellectual property from game developers.
According to Kaspersky, the Winnti APT is manually operated and highly targeted, with operators remotely examining infected machines and combing through files manually.
"The main objective of the group is to steal source code of online game projects as well as digital certificates of legitimate software vendors," the company said.
"Besides that, they are deeply interested in the setup of network infrastructure (including production gaming servers) and new developments such as conceptual ideas, design and more."
Researchers have been observing the Winnti operation since 2011 and noted that the malware infects both 32- and 64-bit versions of Windows and is specially crafted to offer a remote user backdoor access to infected machines.
To catch the attackers in action, Kaspersky researchers set up a 'honeypot' operation in which they let a virtual machine deliberately get infected. After crafting a series of systems designed to resemble the network of a gaming company, researchers watched as the attackers manually accessed the system and sought out potentially valuable code.
After watching the attackers access the system, researchers believe that they are targeting multiple gaming companies by preying on poorly guarded systems that are easy to compromise and have access to more valuable network-connected devices.
"Considering how many companies they have already compromised, there is hardly a lack of potential victims," Kaspersky researcher Dmitry Tarakanov wrote.
"They appear not to waste much time on particularly hard targets, opting instead to make money from the numerous organisations that require less effort to crack."