Friday, October 28, 2016

Gaming Platforms Attacked, Customer Info Targeted

Cyber hacktivism, threat actor group activity, and online gaming often go hand-in-hand because many threat actors also play online games. The combination of these activities can often result in the theft of credit card data and other forms of Personally Identifiable Information (PII) from online gaming accounts. In previous instances, threat actor groups that have attacked gaming and entertainment companies were later identified as having launched similarly styled attacks at financial institutions. Thus, knowledge of attacks against gaming and entertainment companies has the potential to provide future insight in to the Tactics, Techniques, and Procedures (TTPs) of attacks that may evolve to target the financial sector directly.

Key Findings:
  • Compromise of a gaming account can result in theft of credit card data and other forms of PII because many gaming services require payment for additional Downloadable Content (DLC), and credit card information is sometimes mandatory for creating an account.
  • Malware samples that were found inside Sony’s network in the U.S. were reported to share unique traits similar to the malware used to target the SWIFT network.
  • Threat actor groups Anonymous, Lizard Squad, LulzSec, and PoodleCorp have all attacked online gaming and entertainment companies as well as financial institutions.
  • Awareness and knowledge of threat actor groups attacking gaming and entertainment companies can provide potential insight into similarly styled attacks that may take place against the financial sector. 
  • Phantom Squad is one such threat actor group that has attacked gaming and entertainment companies but has not yet, at least, attacked financial institutions.

Publication date:                   26 October 2016
Handling requirements:       Traffic light protocol (TLP) AMBER.
Attribution/Threat Actors:  Criminal
Actor Type:                           Adversary capabilities have been assessed as Tier I-III*
Companies Targeted:           Online gaming and Entertainment Companies, Financial Sector

Past Reporting:                     DOC-3970, 3964, 1858, 2594, 4170, 1412

*Practitioners with between a novice and moderate depth of experience who rely on currently available tools and are also capable of discovering vulnerabilities.

The full attribution report has been published in its entirety in the Red Sky Alliance portal.  For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or

About Wapack Labs

Wapack Labs, located in New Boston, NH is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert level targeted intelligence analysis answering some of the hardest questions in Cyber.  Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information.  The intelligence derived from these tools and techniques serve as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.