ESET researchers tied the attacks to Winnti, a group that has been active since at least 2009. The group has been tied to the 2010 hack that stole sensitive data from Google and 34 other companies. The latest attack used a never-before-seen backdoor that ESET has dubbed PipeMon. To evade security defenses, PipeMon installers bore the imprimatur of a legitimate Windows signing certificate that was stolen from Nfinity Games during a 2018 hack of that gaming developer. The attack used the location of Windows print processors so it could survive reboots.”]