Fortnite game developer Epic Games allegedly hacked | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Fortnite game developer Epic Games allegedly hacked

A ransomware gang claims to have nearly 200 gigabytes of Epic Games’ internal data, including source code and payment information.

A relative newcomer to the ransomware scene is claiming to have successfully hacked game developer and distributor Epic Games.

The Mogilevich gang made the claim overnight, posting the details of the apparent hack on its darknet leak site.

“We have quietly carried out an attack to [sic] Epic Games’ servers,” a Mogilevich spokesperson said.

The gang claims to have 189 gigabytes of data, including “email, passwords, full name, payment information, source code and many other data”. The data is currently listed as up for sale.

“If you are an employee of the company or someone who would like to buy the data, click on me,” a hyperlink on the site said. The link leads to the group’s contact page, where a Tox messaging address can be found.

Mogilevich has not asked for a specific dollar figure for the data, and the current deadline for Epic Games to pay – or for someone else to purchase the data outright – is 4 March. Nor has it posted any proof-of-hack material, as Rhysida did with last year’s Insomniac Games hack.

Epic Games is known for the phenomenally popular online shooter Fortnite, as well as older titles like Unreal Tournament and the Gears of War series. Epic also runs its own online storefront the Epic Games Store selling the games of other developers and publishers.

The company has offices all over the world, including in Australia, and owns several other subsidiaries.

Who is Mogilevich?

Mogilevich is a new threat actor in the ransomware space – Epic Games is only its fourth victim, with its first being Nissan subsidiary Infiniti USA on 20 February this year.

The gang is possibly Russian-speaking, and while, so far, it appears to be operating on its own behalf, it is also advertising itself as a ransomware-for-hire operation.

We’re in the process of putting together a profile of the new operation with everything we’ve been able to discover about it so far, so watch this space.


Click Here For The Original Source.


National Cyber Security