Jul 29, 2014


A great real-world example of how the cyber-baddies out there attack video game companies. Note: it's a technical article with loads of security speak.

“Threat Group-3279[i] (TG-3279) targets the entertainment and video game industries. Based upon Portable Executable (PE) compile dates, domain name registrations, collection dates of tools, the threat actors’ activity on message boards, and activity observed by Dell SecureWorks Counter Threat Unit™ (CTU) researchers during incident response engagements, TG-3279 appears to have been active since 2009. CTU researchers believe that TG-3279 is associated with the China Cracking Group and that the Laurentiu Moon and Sincoder personas are TG-3279 actors. Due to information gathered from targeted hosts, CTU researchers believe with medium confidence that TG-3279 focuses on the collection of video game source code to crack those games for free use, to develop tools to cheat at the games, or to use the source code for competing products. The best method for detecting TG-3279 activity is to look for modifications to system files, invalidly signed executables, and repeated non-existent domain (NXDomain) DNS replies…”

Read the full article on the Dell SecureWorks website:

