Blog | G5 Cyber Security

New PipeMon malware uses Windows print processors for persistence

Video game companies are once again victims of the Winnti hacking group, which used the new PipeMon malware and a novel method to achieve persistence. The threat actor is well known for supply-chain attacks, trojanizing software used by millions of users (Asus LiveUpdate, CCleaner) or in the financial sector (NetSarang). The group also targeted organizations in the healthcare and education sectors. ESET notes that a similar technique was seen with the DePriMon downloader, but the way PipeMon does it has not been documented before.

Source: https://www.bleepingcomputer.com/news/security/new-pipemon-malware-uses-windows-print-processors-for-persistence/
