Cyberpunk and Witcher hackers don’t seem to be bluffing with $1M source code auction – The Verge3 min read

https://www.theverge.com/2021/2/10/22276664/cyberpunk-witcher-hackers-auction-source-code-ransomware-attack

The hackers who targeted computer game developer CD Projekt Red (CDPR) with a ransomware attack are now auctioning off the taken source code they obtained for a payday of potentially millions of dollars.
The breach, which CDPR first disclosed the other day after learning of it on Monday of this week, included important game code related to high-profile releases like The Witcher 3 and Cyberpunk 2077. CDPR said at the time that it had no objective of fulfilling the hackers demands, even if that suggested stolen product from the hack started flowing online.
That has now begun to take place, it appears. Earlier today, leakages of potentially genuine source code info started appearing on online forums, as kept in mind on Twitter by the cybersecurity account vx-underground:

This preliminary leak is thought to consist of source code of the CDPRs virtual card game Gwent, while vx-underground disclosed that auctions for the better source code were occurring on a hacking forum known as Exploit. We have not been able to verify that info, and CDPR has not responded to an ask for remark.
A cybersecurity company called KELA, which specializes in offering threat intelligence to companies based on analyses of dark web sites and communities, states it has factor to think the auctions are, in reality, genuine.
” We do believe that this is a genuine auction by a real seller who accessed the information. The seller offers to use a guarantor and he allows only those who have a deposit to get involved– a technique that is used by numerous sellers to reveal that they are serious and to guarantee that no fraud will happen,” a representative for KELA informs The Verge.
KELA says its danger intelligence expert, Victoria Kivilevich, had the ability to download a few of the details supplied to him by a specific claiming to be involved with the auctions. Kivilevich believes it is real, and KELA shared screenshots with The Verge of a few of the file lists presumably displaying taken source code of CDPRs Red Engine, its in-house game engine platform.

They mentioned beginning bid $1kk. They are likewise offering right away for $7,000,000. Attached images supplied by @DrFurfagMD pic.twitter.com/JnOcwnGqZk— vx-underground (@vxunderground) February 10, 2021

Its not clear whether the leakage from earlier today– which has already been eliminated from file upload sites like Mega and scrubbed from hacking online forums and other websites– is in any method related to the ransomware attack.

KELA says the auction is providing source code declare both the Red Engine and CDPR game releases, including The Witcher 3: Wild Hunt, Thronebreaker: The Witcher Tales spinoff, and the just recently released Cyberpunk 2077. The taken material is also thought to include internal documents, though its unclear what kinds of documents or additional product the complete cache includes.
KELA says the beginning cost of the auction is $1 million, with higher bids in increments of $500,000 and a buy-it-now rate of $7 million. Only users who deposit 0.1 bitcoin can get involved, which is why Kivilevich thinks the hackers are severe about hosting the auction and that the product for sale is likely legitimate because it guarantees no one taking part in the auction is attempting to scam the sellers.
Vx-underground also independently verified the rates terms of the auction after KELA had actually supplied the details to The Verge, including screenshots alleging its to take location tomorrow at 5AM ET/ 1PM Moscow Standard Time and run until 48 hours after the last quote.

Image: KELA

Image: KELA

Update: an error was made. They specified beginning quote $1kk. They are also offering right away for $7,000,000. Attached images supplied by @DrFurfagMD pic.twitter.com/JnOcwnGqZk— vx-underground (@vxunderground) February 10, 2021

Leave a Reply

Your email address will not be published. Required fields are marked *