Hacker crack squad hitting the video game industry with IP-stealing attacks

30 Jul 2014

A hacker group, codenamed Threat Group-3279 (TG-3279), is hitting the video games industry with a wave of advanced cyber attacks designed to steal source code, according to Dell SecureWorks.

Dell SecureWorks reported the campaign in a threat report, and said it has found evidence suggesting the hackers have been active since at least 2009.

"Due to information gathered from targeted hosts, CTU researchers believe with medium confidence that TG-3279 focuses on the collection of video game source code to crack those games for free use, to develop tools to cheat at the games, or to use the source code for competing products," read the report.

"Based upon Portable Executable (PE) compile dates, domain name registrations, collection dates of tools, the threat actors' activity on message boards, and activity observed by Dell SecureWorks Counter Threat Unit (CTU) researchers during incident response engagements, TG-3279 appears to have been active since 2009."

The hackers reportedly carry out initial reconnaissance work on their intended victims before hitting them with an unknown attack tool or strategy. "TG-3279 appears to perform reconnaissance on its targets via open source research and network scanning," read the report.

"It appears that TG-3279 uses a port scanning tool named ‘s’ and an RDP brute force tool named ‘rdp_crk’, which may be used to scan and exploit targets. As of this publication, CTU researchers have not discovered packaged exploits used by TG-3279 and believe that the threat actors rely on active ‘hands-on-keyboard’ techniques to exploit targets."

The researchers found evidence that, once inside the network, the hackers work to steal system administrator rights and regularly update their attack tools to ensure continued access to future games' source code.

"TG-3279 actors strive to access network and system administrators' accounts to gain the most access to the target organisation," said the report.

"In the operations observed by CTU researchers, TG-3279 maintained a long-lived foothold within infiltrated organisations. CTU researchers have observed TG-3279 actors refreshing their implanted tools with newer versions."

Dell SecureWorks reported that the nature of the attacks indicates the hackers may be associated with the China Cracking Group and the Laurentiu Moon and Sincoder online hacker personas.

Data theft is an ongoing issue facing businesses of all sizes. PwC and the UK Department for Business, Innovation and Skills (BIS) reported in April that cyber attacks are costing businesses as much as £1.15 million per breach.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
