CD Projekt Red
Earlier this week, CD Projekt Red announced that hackers had infiltrated its networks and taken various internal documents and the game’s source code, which the culprits threatened to reveal to the public unless a ransom was paid. Instead, the studio went public, promising that it “will not give in to lawsuits or negotiate” with thieves, despite acknowledging “that this may eventually lead to the disclosure of compromised data.” The file title obviously suggests there is more to come, as does a readme file found inside, which warns that a second leak will occur the next day, which is today.
CD Projekt Red said that hackers were also able to encrypt some devices on its network, although it was able to protect its IT infrastructure shortly after the attack and had started restoring locked data from backups. The CyberNews report says that the author of the forum post linking to the leaked data has previously written about the open source Cobalt Strike ransomware, as well as other topics indicating that they have the necessary skills and tools to carry out a successful ransomware attack. Cybersecurity expert Luca Mella told the site that he believes the perpetrator is related to the HelloKitty ransomware group, echoing thoughts expressed shortly after the attack by Emsisoft’s chief technology officer, Fabian Wosar.
“This could mean that the group is quite new and potentially growing rapidly after the engagement of such a high-value victim,” Mella said. “Many other younger affiliates can join their operations after this. CD Projekt is really popular and widely discussed among the 4chan archive gaming and underground communities.”