Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 14:10:46 UTC
Home > List all groups > List all tools > List all groups using tool PipeMon
 Tool: PipeMon
Names PipeMon
Category Malware
Type Backdoor
Description
(ESET) In February 2020, we discovered a new, modular backdoor, which we named
PipeMon. Persisting as a Print Processor, it was used by the Winnti Group against
several video gaming companies that are based in South Korea and Taiwan and develop
MMO (Massively Multiplayer Online) games. Video games developed by these
companies are available on popular gaming platforms and have thousands of
simultaneous players.
In at least one case, the malware operators compromised a victim’s build system, which
could have led to a supply-chain attack, allowing the attackers to trojanize game
executables. In another case, the game servers were compromised, which could have
allowed the attackers to, for example, manipulate in-game currencies for financial gain.
Information MITRE ATT&CK Malpedia Last change to this tool card: 30 December 2022
Download this tool card in JSON format
All groups using tool PipeMon
Changed Name Country Observed
APT groups
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6e57fffd-aa82-4059-b3a3-9b8b8d2d834c
Page 1 of 2

APT 41 2012-Jul 2025
  Earth Lusca 2019-Sep 2024  
2 groups listed (2 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6e57fffd-aa82-4059-b3a3-9b8b8d2d834c
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6e57fffd-aa82-4059-b3a3-9b8b8d2d834c
Page 2 of 2