THE VIDEO GAMES INDUSTRY is at the mercy of a large-scale advanced cyber attack campaign designed to steal source code, Dell's security arm Secureworks has revealed.
Codenamed Threat Group-3279 (TG-3279), the attackers are thought to have been active since at least 2009, a Secureworks report claimed, insisting that information gathered from targeted hosts suggests that TG-3279 focuses on the collection of video game source code.
"[This is] to crack those games for free use, to develop tools to cheat at the games, or to use the source code for competing products," read the report, which the firm said bases its findings on Portable Executable (PE) compile dates, domain name registrations, collection dates of tools and the threat actors' activity on message boards.
Dell Secureworks Counter Threat Unit (CTU) researchers said that during incident response engagements they found that the hackers carry out initial reconnaissance work on their intended victims before hitting them with an unknown attack tool or strategy.
"TG-3279 appears to perform reconnaissance on its targets via open source research and network scanning," the report said. "It appears that TG-3279 uses a port scanning tool named 's' and an RDP brute force tool named 'rdp_crk', which may be used to scan and exploit targets."
Dell's CTU researchers said that they have not discovered packaged exploits used by TG-3279 and believe that the threat actors rely on active "hands-on-keyboard" techniques to exploit targets. They also found evidence that, once in the network, the hackers work to steal system administrator rights while regularly updating their attack tools to ensure continued access to future games' source code.
The nature of the attacks indicates that the hackers might be associated with the China Cracking Group and the Laurentiu Moon and Sincoder online hacker personas, Dell Secureworks' report added.