The hackers who targeted CD project developer CD Projekt Red (CDPR) with a ransom attack are now auctioning off the stolen source code they acquired for a payday of possibly millions of dollars.
The violation, which CDPR announced yesterday after it was heard on Monday this week, involved critical game codes related to high-stakes releases such as The Witcher 3 and Cyberpunk 2077. CDPR said at the time that it did not intend to meet the demands of the hackers, even if it meant that stolen material from the hack had started circulating online.
It’s starting to happen now, it seems. Earlier today, leaks of potentially legitimate source code information began appearing on online forums, as noted on Twitter by the cybersecurity account vx underground:
This initial leak apparently contains the source code of the CDPR’s virtual card game Gwent, while vx-underground announced that auctions for the more valuable source code were taking place on a hacking forum known as Exploit. We were unable to verify the information and CDPR did not respond to a request for comment.
But a cyber security firm called KELA, which specializes in providing threat intelligence to companies based on analyzes of dark websites and communities, says it has reason to believe the auctions are in fact legal.
‘We do believe that it was a real auction by a real seller who gained access to the information. The seller offers to use a sponsor and he only allows those who have a deposit to participate – a tactic used by many sellers to show that they are serious and to ensure that no scam takes place, says a KELA spokesperson. The edge.
According to KELA, Victoria Kivilevich, a threat intelligence analyst, was able to download some of the information provided to him by an individual claiming to be involved in the auctions. Kivilevich believes this is genuine, and KELA shared screenshots with The edge of some of the file lists that allegedly display the stolen source code of CDPR’s Red Engine, its own game engine platform.
:format(webp):no_upscale()/cdn.vox-cdn.com/uploads/chorus_asset/file/22295499/WhatsApp_Image_2021_02_10_at_14.12.09.jpeg)
Image: KELA
:format(webp):no_upscale()/cdn.vox-cdn.com/uploads/chorus_asset/file/22295501/WhatsApp_Image_2021_02_10_at_14.12.10.jpeg)
Image: KELA
KELA says the auction offers source code files for the Red Engine and CDPR game releases, including The Witcher 3: Wild Hunt, Thronebreaker: The Witcher Tales spin-off, and the newly released Cyberpunk 2077. The stolen material apparently also contains internal documents, although it is not clear what types of documents or additional material the complete case contains.
According to KELA, the starting price of the auction is $ 1 million, with higher bids in increases of $ 500,000 and a buy-it-now price of $ 7 million. Only users who deposit 0.1 bitcoin can participate, so Kivilevich believes that the hackers are serious about offering the auction and that the material for sale is probably legal because it ensures that no one participating in the auction tries to sell. do not cheat.
Vx-underground also independently verified the price terms of the auction after KELA provided him with the information The edge, including screenshots claiming that it will take place tomorrow at 17:00 ET / 13:00 in Moscow’s standard time and lasts up to 48 hours after the last bid.
Update: An error occurred. They have a starting bid of $ 1kk. It was accepted as a typo for $ 1,000. They meant $ 1,000,000. They also sold immediately for $ 7,000,000.
Attached images provided by @DrFurfagMD pic.twitter.com/JnOcwnGqZk
– vx-underground (@vxunderground) 10 February 2021
It is not clear if the leak of earlier today – which has already been removed from file upload sites such as Mega and scrubbed from hacking forums and other sites – has anything to do with the attack on ransomware.