CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders

Rockstar GTA6 leak stems from cyberattack that breached internal Slack channel – CPO Magazine

Game developer Rockstar has been cooking up the next title in its popular “Grand Theft Auto” video game series for almost a decade, nearly as long as it has been since the last title in the series was released. Grand Theft Auto 6 (GTA6) wasn’t due out until at least 2024, but a cyberattack gave audiences a major taste that Rockstar wasn’t prepared for. The GTA6 leak contains dev videos of various aspects of the game being tested, and the hacker claims they’re also sitting on stolen source code.

GTA6 leak shows first version of game to public; hacker claims to have stolen the source code

The first signs of the GTA6 leak appeared on the GTAForums website, the series’ biggest discussion forum for fans, on September 18. A user by the name of “teapotuberhacker” began posting what would ultimately be a set of 90 videos showing nearly an hour combined of development footage of an early version of the game. But it soon became apparent that the user did more than just show off; they claimed to have obtained the videos through a cyberattack that breached a Rockstar employee’s Slack channel, and that they also obtained the first source code for GTA6 as well as the complete source code for the previous title GTA5. The hacker said he wants to negotiate payment from Rockstar for the return of this stolen code.

Although these were rough test clips, the videos were nevertheless of a level of detail that would be extremely difficult to fake. Rockstar acknowledged the GTA6 leak was genuine shortly after the clips were released, but issued copyright strikes to have them taken down when posted on sites such as YouTube and Twitter.

The cyberattack on the Slack channel apparently led to the hacker directly uploading all these video clips. This to some extent mirrors the recent cyberattack on Uber, with the attacker first compromising employees’ VPN credentials and then appearing on the Slack channel to announce their presence. However, the Rockstar hacker does not appear to have had the level of full administrative access that the Uber hacker was lucky to have.

There are also questions as to whether the hacker ever really had access to the source code. Rockstar’s Tom Henderson took to Twitter to let users know that the GTA6 leaker couldn’t have accessed any type of source code just from the employees’ Slack channel. The hacker has responded to queries by posting specific code snippets requested by GTA5 modders that explain some previously obfuscated features; although the hacker only released a relatively small amount, this code appears to be genuine. However, they have yet to release any similar code confirming they have access to GTA6.

The source code wouldn’t put the game’s content at risk, since it’s in such an early, rough state and clearly lacks most of the assets and structure that will be in the final release. However, it could give hackers a roadmap for exploiting the game. A well-designed online game usually won’t give hackers access to users’ systems with any kind of privileged access, but in-game pranksters will likely have a field day with the experience to the point that it could alienate players and impact sales. Financially motivated hackers can also use the source code to develop ways to take control of user accounts or steal items from them. The GTA5 source code could also provide information of this nature on how GTA Online works, which was developed as a companion game that shares code and assets.

Craig McDonald, vice president of product management at BackBox, notes that there are still gaps in this story and that more information may emerge: “Although Rockstar has informed the press that the intrusion will have no long-term effect on the development of the game, it is still unclear if the attacker had access to any data beyond the video clips that have been published. To be secure, all network infrastructure devices of an organization must have the latest operating systems and patches, and be configured in accordance with internal security policies as well as government and industry regulations. Such preventive measures often take precedence over more urgent network management tasks. Companies should therefore invest in network security automation to ensure a continuous flow of upgrades and patches. Proper automation will ensure that these tasks run consistently and reliably, and can deter future data-compromising attacks from gaining access to critical and confidential information.”

Rockstar cyberattack highlights importance of protecting employee VPN credentials and Slack logins

While the GTA6 leaker didn’t gain the same level of access to Rockstar’s systems, it may be the same party that recently broke into Uber. Although Rockstar has yet to point the finger, Uber said it believes the hacker behind both companies’ breaches was a familiar face responsible for a string of cyberattacks against big tech names over the past year.

Based on its internal investigation, Uber pointed to the Lapsus$ group, which has previously been identified as a group made up mainly of teenagers from the UK and Brazil. This group has been active since 2021 and has affected a number of other major companies: Microsoft, Samsung, Nvidia, Ubisoft and T-Mobile among them. A wave of arrests took place in the UK in April 2022, including the alleged “mastermind” of the group, but the Brazilian component of the group (including the “super hacker” most responsible for the high-profile break-ins) is believed to still be free and active. And most of the British members remain out of jail while they are under investigation, although supposedly under surveillance.

Given the similarities between the cyberattacks, Uber believes Rockstar was also hit by Lapsus$. And the hacker seemed to confirm it, posting that they were responsible for both break-ins. If it was the same party, it’s likely they used the same “MFA fatigue” approach to compromise an employee’s credentials. In Uber’s case, the hacker was lucky enough to stumble upon administrator credentials for nearly the entire network sitting in a plain text PowerShell script; it doesn’t look like they had as much luck with the GTA6 leak.

According to Yana Blachman, Threat Intelligence Specialist at Venafi: “As cybercrime group Lapsus$ has been responsible for breaches at Nvidia, Microsoft and Samsung over the past year, these recent attacks on Uber and Rockstar show that it has an appetite for Big Tech companies and should be a warning to the entire industry. Although the group is relatively young, its list of victims is starting to read like a ‘who’s who’ of the tech industry. In the past – like the Samsung flaw – its attacks have been characterized by the use of stolen code-signed certificates. These are real crown jewels for hackers, as they allow malicious files to masquerade as legitimate. If organizations do not properly secure the code signing certificate management process and infrastructure, the likelihood of abuse, as well as the impact of any compromises, are both extremely high.”


The FBI is currently investigating both the GTA6 leak and the Uber cyberattack, and is said to be in “close coordination” with the two companies.

