Risk actor Lapsus$ is now seemingly liable for hacking gaming huge Rockstar Online games soon after focusing on mega-models like Microsoft, Cisco, Samsung, Nvidia, Okta and in all probability Uber.
An account functioning title ‘teapotuberhacker’ posted on GTAForums all around 90 videos of what appeared to be in-progress footage of the forthcoming Rockstar Game titles installment, Grand Theft Vehicle 6 – that the publisher confirmed it was functioning on before this 12 months.
The movies, which totaled all around 50 minutes of footage, incorporated short clips of animation exams to additional in depth animation scenes. They had been then commonly shared on social media.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
Just after publishing the alleged in-enhancement footage on September 18, 2022, teapotuberhacker left a information claiming they preferred to “negotiate a deal” with the activity publisher to return unreleased facts, which include the supply code for Grand Theft Automobile 5 and the in-growth variation of Grand Theft Vehicle 6.
“This is not the 1st case the place a cyber-criminal group has stolen an organization’s source code, with both LastPass and Midea Team suffering a equivalent destiny in the final month. Resource code is portion of a company’s intellectual residence and as a result retains enormous worth to cyber criminals. It can be utilised to find concealed security vulnerabilities and launch even more attacks on a organization,” Sam Linford, VP of EMEA Channels at Deep Intuition, explained to Infosecurity Journal.
Nonetheless, in a concept to Infosecurity on September 19, Craig McDonald, VP of Product or service Administration at BackBox, insisted that at current, “it is nonetheless unclear if the attacker acquired accessibility to info beyond the video clips that ended up posted.”
Rockstar Video games and its dad or mum enterprise, Choose-Two Interactive, acknowledged the leak on September 19, 2022.
In a statement posted to Twitter, Rockstar stated: “We just lately experienced a network intrusion in which an unauthorized 3rd party illegally accessed and downloaded confidential facts from our units, which includes early development footage for the next Grand Theft Automobile. At this time, we do not foresee any disruption to our are living sport providers nor any prolonged-term outcome on the improvement of our ongoing jobs. [..] Our operate on the next Grand Theft Automobile sport will proceed as prepared, and we […] will update all people again shortly and, of class, will appropriately introduce you to this up coming video game when it is prepared.”
A Information from Rockstar Games pic.twitter.com/T4Wztu8RW8
— Rockstar Games (@RockstarGames) September 19, 2022
Just take-Two has issued takedown notices to GTAForums and social media accounts, like YouTube and the GTA subreddit. The primary GTAForums thread started out by teapotuberhacker was taken off, then relaunched with all links and GTA 6 aspects taken off, reported The Guardian.
Lapsus$ gang buoyant in modern months
It seems that teapotuberhacker acquired administrative access to the Rockstar Game titles inner network following an staff clicked on a malicious email. The danger actor was then in a position to obtain the video clips from the staff members’ Slack channels – a comparable approach was applied in a recent Uber facts breach, which teapotuberhacker also claimed responsibility for.
In a September 19 update, Uber said the perpetrator could be linked with the Lapsus$ hacking gang that has been notably lively not too long ago, reportedly targeting tech businesses this kind of as Microsoft, Cisco, Samsung, Nvidia and Okta.
“This cyberattack must serve as the catalyst to modify mindsets and attitudes in the direction of cybersecurity,” mentioned Linford, “Breaches like this exhibit us that it is far more critical than ever to carry out preventative measures: assess cyber safe system and guidelines, accurately estimate, and quantify the impacts of a cyberattack and the influence on the organization in the scenario of info leak and prioritize the defense of information. Organizations need to get preventive actions that end cyberattacks in advance of they breach the network. Businesses want a line of protection which can quit these attacks just before they have time to execute, allow alone steal details.”
“To be protected, all the infrastructure products in an organization’s network will have to have the newest functioning programs and patches and be configured in compliance with interior security guidelines as properly as government and business polices. Preventative steps like that often acquire a back seat to much more pressing network management jobs, so companies really should commit in network security automation to make sure a steady movement for upgrades and patches. Utilizing a baseline for proper automation will be certain that these jobs are working persistently and reliably and can discourage upcoming information-compromising attacks from accessing critical and confidential info,” added McDonald.
Some parts of this write-up are sourced from:
www.infosecurity-magazine.com