This Week in Cyber 23rd September 2022

Latest news & views from our Cyber Analysts

Written by Team Nucleus

Written on 23rd September, 2022


Grand Theft Auto 6 Footage Leaked After Network Intrusion

On Monday, video game publisher and developer Rockstar, best known for the Grand Theft Auto and Red Dead Redemption series, confirmed it had been the victim of a 'network intrusion' that allowed hackers to download 'early development footage' of GTA 6. Around 90 videos and images were posted to the GTAForums site by user 'teapotuberhacker'. Rockstar also admitted the hacker had accessed confidential information, which could include source code for GTA 5 and GTA 6 as well as assets related to the franchise.


Rockstar did, however, state that the breach will not cause disruptions to its live services or ongoing projects. Little is certain about how the hacker got hold of the data, but teapotuberhacker claimed to have gained access by breaching the internal feed on the Slack messaging app, possibly by brute forcing the authentication. The hacker has since stated they will be holding the data to ransom and that more will be leaked if no deal is negotiated.


Uber investigating a potential breach of its computer systems

Uber has disclosed that it is working with law enforcement agencies following a breach of its network. The breach forced Uber to shut down internal communications and engineering systems. The attack originated from an employee's compromised credentials for Slack, a common tool used for communication between colleagues.


The malicious actor appears to be an 18-year-old who managed to social engineer the employee by posing as an IT technician. Interestingly, the attacker bypassed two-factor authentication by spamming the employee with push notifications whilst messaging the employee on WhatsApp. Once the Slack account was compromised, the attacker managed to access other areas such as AWS instances, but the extent of this is not known to the public at this time.
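One way a defender could detect the push-notification spamming described above, as an added example that is not part of the original article: it flags users who receive a burst of MFA prompts in a short window and marks the case where an approval ends the burst. The log format, event names and thresholds are assumptions rather than any real product's schema, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA events: "<ISO timestamp> <user> <event>" (hypothetical schema).
SAMPLE_LOG = """\
2022-09-15T09:00:00 bob push_sent
2022-09-15T09:00:05 bob push_approved
2022-09-15T18:01:00 alice push_sent
2022-09-15T18:01:20 alice push_denied
2022-09-15T18:02:00 alice push_sent
2022-09-15T18:02:30 alice push_sent
2022-09-15T18:03:10 alice push_sent
2022-09-15T18:04:00 alice push_sent
2022-09-15T18:04:45 alice push_sent
2022-09-15T18:05:10 alice push_approved
2022-09-15T20:00:00 carol push_sent
2022-09-15T20:02:00 carol push_sent
2022-09-15T20:04:00 carol push_sent
2022-09-15T20:06:00 carol push_sent
2022-09-15T20:08:00 carol push_sent
"""

def parse_events(log):
    """Yield (timestamp, user, event) tuples from the assumed log format."""
    for line in log.splitlines():
        if line.strip():
            ts, user, event = line.split()
            yield datetime.fromisoformat(ts), user, event

def detect_push_fatigue(log, window=timedelta(minutes=10), threshold=5):
    """Return {user: {"max_prompts": n, "approved_after_burst": bool}}."""
    recent = defaultdict(deque)  # user -> prompt times since the last approval
    alerts = {}
    for ts, user, event in sorted(parse_events(log)):
        prompts = recent[user]
        while prompts and ts - prompts[0] > window:  # slide the window forward
            prompts.popleft()
        if event == "push_sent":
            prompts.append(ts)
            if len(prompts) >= threshold:
                alert = alerts.setdefault(
                    user, {"max_prompts": 0, "approved_after_burst": False})
                alert["max_prompts"] = max(alert["max_prompts"], len(prompts))
        elif event == "push_approved":
            if len(prompts) >= threshold:  # approval that ends a burst: highest priority
                alerts[user]["approved_after_burst"] = True
            prompts.clear()  # a completed login resets the count
    return alerts

if __name__ == "__main__":
    for user, info in detect_push_fatigue(SAMPLE_LOG).items():
        print(user, info)
```

An alert with `approved_after_burst` set warrants immediate session revocation and a call to the user, while a burst with no approval still indicates that the user's password is likely known to someone else.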


Imperva DDoS record has been broken – 25.3 billion requests over 4 hours

Earlier this year in June, Imperva mitigated a DDoS attack which had a peak of 3.9 million requests per second. The target of this attack was a large Chinese telecommunications company, which is not an unusual target for large-scale DDoS attacks according to Imperva. The attackers used HTTP/2 multiplexing, which combines multiple packets into one, meaning multiple packets can be sent over an individual connection and allowing the scale of the attack to multiply significantly. To achieve a requests-per-second rate as high as the one seen, the attackers needed a large botnet: this attack received connections from over 170,000 devices. The botnet consisted of routers, security cameras and compromised servers, largely from the USA, Brazil and Indonesia.


LockBit 3.0 encryptor source code released

The source code for the newly developed LockBit 3.0 encryptor has been leaked online. Although it was suspected to be the work of another hacking group, it actually appears to have been a disgruntled employee who leaked the source code. This new LockBit encryptor, dubbed ‘LockBit Black’, has features such as anti-analysis, a ransomware bug bounty program and new methods of extortion. Unfortunately, releasing the source code doesn’t make the ransomware obsolete; in fact the opposite is true, as less sophisticated hacking groups can now use this source code to create their own ransomware. There will likely be a rise in ransomware attacks using this version's source code, slightly tailored to a specific victim.

