Digital certificates taken from gaming developers are not fun for aerospace industry

Many software developers involved in the MMORPG field (Massive Multi-Player Online Role Playing Games) have been hacked in the last year-and-a-half. The instigator seems intent on stealing their digital certificates to execute later attacks on other targets.

The attacker(s) are also interested in mapping their victims’ network architectures and stealing source code “likely so that they can uncover vulnerabilities that would allow them to artificially propagate digital currency used in the games and convert it to real-world cash.”

The misappropriated digital certificates have been used to sign malware in hacks lobbed at aerospace firms, as well as a company that operates the largest social network in South Korea called CyWorld, and Tibetan and Uyghur activists.

“The attack against CyWorld’s parent company, SK Communications, used a Trojan horse that had been signed with a compromised digital certificate belonging to a gaming company called YNK Japan Inc. The digital certificate helped the hackers steal credentials for more than 35 million accounts on the social networking site.”

But – “It’s not known if the same hackers who stole the certificates were also responsible for the attacks against the aerospace industry and the activists, or if they simply supplied the certificates to other groups who performed those hacks.”