A ransomware gang that just emerged this month dubbed Egregor claims to have hacked the source code to the upcoming gaming release, Watch Dogs: Legion.
And in separate gaming news, a popular fantasy title called Albion — a massive multiplayer online role-playing game (MMORPG) — has been hacked. Cybercriminals are offering what they claim are game databases in underground forums.
Watch Dogs: Legion is due to be released a couple of weeks from now, on Oct. 29 – a highly anticipated release thanks to its 4K visuals, “ray tracing” capabilities and a planned Assassin’s Creed crossover.
The Egregor gang claims to have lifted both the code and some proprietary files from the game’s publisher, Ubisoft. Release of the source code would allow fans to develop game hacks and perform all kinds of “modding” (i.e., development of custom features) and jailbreaks.
The group also said that it has files from Crytek relating to gaming titles like Arena of Fate and Warface.
According to a look at Egregor’s leak site portal by ZDNet, partial leaks for the hacks appear to have been posted. The operators emailed the outlet as well, noting that they only hacked Ubisoft and didn’t deploy its ransomware. Crytek, meanwhile, “has been encrypted fully.” In both cases, the companies haven’t responded to the incidents, according to the email.
“In case Ubisoft will not contact us we will begin posting the source code of upcoming Watch Dogs and their engine,” the hackers told ZDNet.
The data posted is somewhat inconclusive – the code in the portal could be from an older Watch Dogs version, for instance. In all, the data totals 20 MB from Ubisoft, and 300 MB from Crytek.
Egregor was first spotted in the wild in early October and late September, using a tactic of siphoning off corporate information and threatening a “mass-media” release of it before encrypting all files.
Egregor is an occult term meant to signify the collective energy or force of a group of individuals, especially when the individuals are united toward a common purpose — apropos for a ransomware gang. According to a recent analysis from Appgate, the code seems to be a spinoff of the Sekhmet ransomware (itself named for the Egyptian goddess of healing).
Neither company has acknowledged an attack. Threatpost has reached out for more information.
There is some precedent for hacking claims like these to be bogus. In September, reports surfaced that 500,000 Activision accounts may have been hacked, impacting online Call of Duty (CoD) players. The alleged breach was first flagged by the #oRemyy account on Twitter, and was quickly amplified by others, who claimed that accounts were being taken over and credentials changed, so that the legitimate users couldn’t recover them. The claims were picked up by gaming news outlet Dexerto.com and many others.
The gaming giant categorically disputed the claim as a widespread hoax.
Meanwhile, Albion has disclosed a data breach resulting from an outside hack of its forum’s user database.
Albion is a fantasy-themed sandbox game in which players can go to battle, farm, forge alliances, defend territory, take on dragons and other monsters, and even invest in real estate. According to one tracker site, around 225,000 people play per day globally, and it has a total player base of 2.4 million active users.
According to game-owner Sandbox Interactive, the intruder was able to access forum-user profiles, including email addresses and encrypted (hashed and salted) passwords. No payment information was accessed, but the email addresses could be used in brute-force attacks on accounts.
“If you have a forum account, you should, as a precaution, change the password to your Albion Online account,” the company noted. “Should you have also used the same password on other webpages or services, we strongly encourage you to change it there as well, and use unique passwords going forward.”
However, a hacker taking responsibility for the incident claims to have accessed much more than just emails and encrypted passwords. On an underground forum, someone is offering what they claim to be databases for payments, the main game and the forum; and source code for the Albion website and the forum.
> Threat actor claims he hacked Albion Online, a large MMORPG with over 180,000 daily players.
>
> The actor is claiming he has access to the main game's database, the payment database, and other databases containing sensitive information. pic.twitter.com/M8Qk3pI2rK
>
> — Alon Gal (Under the Breach) (@UnderTheBreach) October 17, 2020
For its part, Albion said that it has closed off hacker access and is now “running additional checks to ensure the integrity of our systems. Because the safety of your data is a top priority for us, we will also be executing a full security review of all our systems to ensure your information remains absolutely safe.”
Threatpost has reached out to Ubisoft, Crytek and Albion/Sandbox Interactive for more details on all of these incidents.