A hacker group, codenamed Threat Group-3279 (TG-3279), is hitting the video games industry with a wave of advanced cyber attacks designed to steal source code, according to Dell SecureWorks.
Dell SecureWorks reported the campaign in a threat report, and said it has found evidence suggesting the hackers have been active since at least 2009.
"Due to information gathered from targeted hosts, CTU researchers believe with medium confidence that TG-3279 focuses on the collection of video game source code to crack those games for free use, to develop tools to cheat at the games, or to use the source code for competing products," read the report.
"Based upon Portable Executable (PE) compile dates, domain name registrations, collection dates of tools, the threat actors' activity on message boards, and activity observed by Dell SecureWorks Counter Threat Unit (CTU) researchers during incident response engagements, TG-3279 appears to have been active since 2009."
The hackers reportedly carry out initial reconnaissance work on their intended victims before hitting them with an unknown attack tool or strategy. "TG-3279 appears to perform reconnaissance on its targets via open source research and network scanning," read the report.
"It appears that TG-3279 uses a port scanning tool named 's' and an RDP brute force tool named 'rdp_crk', which may be used to scan and exploit targets. As of this publication, CTU researchers have not discovered packaged exploits used by TG-3279 and believe that the threat actors rely on active 'hands-on-keyboard' techniques to exploit targets."
The researchers found evidence that, once inside the network, the hackers work to obtain system administrator rights and regularly update their attack tools to ensure continued access to the source code of future games.
"TG-3279 actors strive to access network and system administrators' accounts to gain the most access to the target organisation," said the report.
"In the operations observed by CTU researchers, TG-3279 maintained a long-lived foothold within infiltrated organisations. CTU researchers have observed TG-3279 actors refreshing their implanted tools with newer versions."
Dell SecureWorks reported that the nature of the attacks indicates the hackers may be associated with the China Cracking Group and with the Laurentiu Moon and Sincoder online hacker personas.
Data theft is an ongoing issue facing businesses of all sizes. In April, PwC and the UK Department for Business, Innovation and Skills (BIS) reported that cyber attacks are costing businesses as much as £1.15 million per breach.