ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool PipeMon

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: PipeMon

NamesPipeMon
CategoryMalware
TypeBackdoor
Description(ESET) In February 2020, we discovered a new, modular backdoor, which we named PipeMon. Persisting as a Print Processor, it was used by the Winnti Group against several video gaming companies that are based in South Korea and Taiwan and develop MMO (Massively Multiplayer Online) games. Video games developed by these companies are available on popular gaming platforms and have thousands of simultaneous players.

In at least one case, the malware operators compromised a victim’s build system, which could have led to a supply-chain attack, allowing the attackers to trojanize game executables. In another case, the game servers were compromised, which could have allowed the attackers to, for example, manipulate in-game currencies for financial gain.
Information<https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/>
MITRE ATT&CK<https://attack.mitre.org/software/S0501/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.pipemon>

Last change to this tool card: 30 December 2022

Download this tool card in JSON format

All groups using tool PipeMon

ChangedNameCountryObserved

APT groups

 APT 41China2012-Aug 2024 HOTX
 Earth LuscaChina2019-Sep 2024 HOT 

2 groups listed (2 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]