Hacker crack squad hitting the video game industry with IP-stealing attacks

30 Jul 2014
Hackers stealing source code from games

A hacker group, codenamed Threat Group-3279 (TG-3279), is hitting the video games industry with a wave of advanced cyber attacks designed to steal source code, according to Dell SecureWorks.

Dell SecureWorks reported the campaign in a threat report, and said it has found evidence suggesting the hackers have been active since at least 2009.

"Due to information gathered from targeted hosts, CTU researchers believe with medium confidence that TG-3279 focuses on the collection of video game source code to crack those games for free use, to develop tools to cheat at the games, or to use the source code for competing products," read the report.

"Based upon Portable Executable (PE) compile dates, domain name registrations, collection dates of tools, the threat actors' activity on message boards, and activity observed by Dell SecureWorks Counter Threat Unit (CTU) researchers during incident response engagements, TG-3279 appears to have been active since 2009."

The hackers reportedly carry out initial reconnaissance work on their intended victims before hitting them with an unknown attack tool or strategy. "TG-3279 appears to perform reconnaissance on its targets via open source research and network scanning," read the report.

"It appears that TG-3279 uses a port scanning tool named 's' and an RDP brute force tool named 'rdp_crk', which may be used to scan and exploit targets. As of this publication, CTU researchers have not discovered packaged exploits used by TG-3279 and believe that the threat actors rely on active 'hands-on-keyboard' techniques to exploit targets."

The researchers found evidence that, once in the network, the hackers work to steal system administrator rights and regularly update their attack tools to ensure continued access to future games' source code.

"TG-3279 actors strive to access network and system administrators' accounts to gain the most access to the target organisation," said the report.

"In the operations observed by CTU researchers, TG-3279 maintained a long-lived foothold within infiltrated organisations. CTU researchers have observed TG-3279 actors refreshing their implanted tools with newer versions."

Dell SecureWorks reported that the nature of the attacks indicates the hackers may be associated with the China Cracking Group and the Laurentiu Moon and Sincoder online hacker personas.

Data theft is an ongoing issue facing businesses of all sizes. PwC and the UK Department for Business, Innovation and Skills (BIS) reported in April that cyber attacks are costing businesses as much as £1.15 million per breach.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
