Hacker crack squad hitting the video game industry with IP-stealing attacks

30 Jul 2014
Hackers stealing source code from games

A hacker group, codenamed Threat Group-3279 (TG-3279), is hitting the video games industry with a wave of advanced cyber attacks designed to steal source code, according to Dell SecureWorks.

Dell SecureWorks reported the campaign in a threat report, and said it has found evidence suggesting the hackers have been active since at least 2009.

"Due to information gathered from targeted hosts, CTU researchers believe with medium confidence that TG-3279 focuses on the collection of video game source code to crack those games for free use, to develop tools to cheat at the games, or to use the source code for competing products," read the report.

"Based upon Portable Executable (PE) compile dates, domain name registrations, collection dates of tools, the threat actors' activity on message boards, and activity observed by Dell SecureWorks Counter Threat Unit (CTU) researchers during incident response engagements, TG-3279 appears to have been active since 2009."

The hackers reportedly carry out initial reconnaissance work on their intended victims before hitting them with an unknown attack tool or strategy. "TG-3279 appears to perform reconnaissance on its targets via open source research and network scanning," read the report.

"It appears that TG-3279 uses a port scanning tool named 's' and an RDP brute force tool named 'rdp_crk', which may be used to scan and exploit targets. As of this publication, CTU researchers have not discovered packaged exploits used by TG-3279 and believe that the threat actors rely on active 'hands-on-keyboard' techniques to exploit targets."

The researchers found evidence that, once in the network, the hackers work to steal system administrator rights and regularly update their attack tools to ensure continued access to future games' source code.

"TG-3279 actors strive to access network and system administrators' accounts to gain the most access to the target organisation," said the report.

"In the operations observed by CTU researchers, TG-3279 maintained a long-lived foothold within infiltrated organisations. CTU researchers have observed TG-3279 actors refreshing their implanted tools with newer versions."

Dell SecureWorks reported that the nature of the attacks indicates the hackers may be associated with the China Cracking Group and the Laurentiu Moon and Sincoder online hacker personas.

Data theft is an ongoing issue facing businesses of all sizes. PwC and the UK Department for Business, Innovation and Skills (BIS) reported in April that cyber attacks are costing businesses as much as £1.15 million per breach.

Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
