[Security Weekly] Gaming Giant EA’s Source Code and Debug Tools Stolen From Cyberattack
2nd Week of June 2021
1. Video game giant Electronic Arts suffers cyberattack compromising source code
Electronic Arts (EA), one of the largest gaming companies in the world and the publisher of popular games like the FIFA series, Battlefield, and The Simpsons, suffered a cyberattack that compromised over 780 GB of data, mostly consisting of source code and debug tools.
The attackers posted the stolen data for sale at $28 million on a hacking forum, claiming that the data were large enough to exploit all EA services. According to the attackers’ claim, compromised data included the source code and debug tools for the Frostbite game engine, the server code that grants full access to the FIFA 21 matchmaking servers, the SDK, API keys, and debug tools to the yet unreleased FIFA 22, and the private SDKs and API keys for PlayStation and Xbox.
A spokesperson at EA stated that only a limited number of source code was stolen, and that the personal information and account details of players remained safe. Additionally, they claimed that it was not a ransomware attack and thus would not affect the games and the company’s operations.
Despite not posing any immediate threat on user information, cybersecurity experts warned that the source code could be used to build knockoffs of the unreleased games, which could be injected with backdoors, potentially posing threat to user accounts and personal data.
2. NYC Law Department shuts down systems for days following ransomware attack
The New York City Law Department suffered a cyber intrusion on June 5 that forced the agency to suspend all its IT systems. The agency consists of about 1,000 lawyers, representing the city in all legal affairs. The attack had put a hold on all legal work in progress for over three days.
On June 7, NYC officials confirmed a ransomware attack in the Law Department, leading to a joint investigation by the NYC police and FBI. The agency’s IT network was immediately cut off from the rest of the city’s government network. Even though no evidence of data compromise had been found, officials warned of potential sensitive data exposure.
Officials said that the ransomware strain deployed was commonly used by state-sponsored hacker groups, although it remained unclear who was responsible for the attack.
According to sources from the New York Daily News, prior to the attack, the Law Department had received warnings from the city’s Department of IT and Telecommunications on using software programs that had well passed their end of life. This included a number of computers operating on Windows 7 and running Microsoft Office 2010. The Law Department refused to comment on these claims.
3. Memory and storage giant ADATA attacked by Ragnar Locker ransomware
Taiwanese-based ADATA, a global manufacturer of DRAM modules, HDD, SSD, USB Flash drives, and memory cards, was attacked by the Ragnar Locker ransomware gang on May 23, who claimed to have stolen 1.5 TB of sensitive data. Once the world’s second-largest DRAM maker, the company had recently expanded to other business areas such as robotics and electric powertrain.
After discovering the attack, ADATA immediately shut down all its IT systems to prevent the ransomware from spreading. As of June 8, the company said that all systems were restored and that normal operations resumed.
However, over the weekend of June 6, the Ragnar Locker ransomware gang posted on its leak site claiming to have stolen 1.5 TB of data prior to deploying ransomware. Screenshots of files were uploaded, which included the company’s proprietary information, financial information, employee information, legal documents and contracts, as well as source code.
ADATA did not provide further information in response to the ransom demand.
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: ISign+
Car, Energy, Factory, City Solutions: Penta IoT Security