
Major Gaming Companies Hit with Ransomware Linked to APT27
2021-01-05 15:26

A recent slew of related ransomware attacks on top videogame companies has been associated with the notorious Chinese-linked APT27 threat group, suggesting that the advanced persistent threat is shifting from its historically espionage-centered tactics to adopt ransomware, a new report says.

Researchers noticed the "strong links" to APT27 when they were brought in for incident response on ransomware activity that affected several major gaming companies globally last year via a supply-chain attack.

While researchers told Threatpost that they could not name the specific gaming companies attacked, they said that five companies were affected.

For instance, researchers said they found similarities between the DRBControl sample and older confirmed APT27 implants.

Alongside the discovered backdoor, researchers also found a binary responsible for escalating privileges by exploiting CVE-2017-0213, a Microsoft Windows Server vulnerability that APT27 has used before.

Beyond the arsenal of tools matching previous APT27 operations, researchers noted code similarities with previous APT27 campaigns, and the domains used in this operation matched those of other operations previously linked to APT27, Omri Segev Moyal, CEO of Profero, told Threatpost.


News URL

https://threatpost.com/ransomware-major-gaming-companies-apt27/162735/

Related Vulnerability

DATE: 2017-05-12
CVE: CVE-2017-0213
VULNERABILITY TITLE: Local Privilege Escalation vulnerability in Microsoft Windows COM
DESCRIPTION: Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability".
RISK: 1.9
local
microsoft