Dangerous GTA Online bug, Yandex source code leak and other cybersecurity developments


Round-up: Yandex leak, Hive takedown, Riot Games breach, and GTA Online bug.

We round up the week’s most important cybersecurity news.

  • Yandex services’ source code exposed publicly.
  • FBI gains full control over Hive ransomware group’s servers.
  • Hackers breach Riot Games’ development environment and demand $10 million.
  • A dangerous bug was found in GTA Online.

Yandex services source code exposed publicly

On January 25 an unknown hacker posted a link to download a dump taken from Yandex’s internal repository. The dump’s total size was 44.7 GB. It contains the source code for 79 of the company’s services and products, including Yandex.Mail, Yandex.Taxi, Disk, and Alice.

[Image. Data: BreachForums.]

All files are dated February 24, 2022. Independent researchers shared various interesting findings about the leak.

According to Habr, the source code fragments leaked through the fault of one of the company’s employees.

Yandex confirmed the leak, emphasising that there was no breach of infrastructure and that the repositories are used only for working with code and are not intended to store users’ personal data.

An internal investigation is underway.

FBI gains full control over Hive ransomware group’s servers

The FBI, together with German and Dutch law enforcement, disrupted the Hive infrastructure.

Pursuant to a July 2022 court order, authorities gained access to two dedicated servers and one VPS hosted by an unnamed California-based hosting provider.

The operation allowed authorities to seize control of all Tor sites used by the group, and helped warn victims about attacks and issue more than 1,300 decryption keys to those affected.

Since June 2021 Hive attacks have affected hospitals, schools and critical infrastructure in more than 80 countries. The total ransom paid to the hackers exceeded $100 million in cryptocurrency.

Hackers breach Riot Games, demand $10 million

Riot Games, the maker of League of Legends and Valorant, said its development environment was compromised. As a result, the company postponed the release of several patches and updates.

The breach was carried out via social engineering. Hackers managed to steal the source code for League of Legends, Teamfight Tactics, and the user-mode anti-cheat Packman. Company specialists found no signs of players’ personal data being leaked.

Subsequently the attackers demanded a $10 million ransom, providing two large PDF files with the source code for Packman and League of Legends as evidence. The company declined to pay.

In preparation for the leak, Riot Games said the stolen source code contained several experimental features that were awaiting release and may never reach that stage.

Subsequently the attackers put the stolen data up for sale. The hackers priced the source code for League of Legends and Packman at a minimum of $1 million. They were willing to part with the Packman anti-cheat source for $500,000.

[Image. Data: BreachForums.]

Riot Games is now cooperating with law enforcement and external experts to investigate the incident.

Russia blocks Skiff secure email

The public organisation Roskomsvoboda pointed out that Skiff, an open-source email service, had been added to the list of blocked sites.

The service, which positions itself as a decentralized and private email, was blocked on the basis of a decision by an unspecified government body.

[Image. Data: Roskomsvoboda.]

Roskomsvoboda suggests that this designation refers to the Russian Prosecutor General’s Office.

Access was possibly restricted because of anonymous bomb threats similar to those sent to Protonmail, Tutanota, Mailbox and others.

A dangerous bug in GTA Online

In the PC version of Grand Theft Auto Online, a vulnerability was found that could lead to loss of game progress, theft of in-game currency, bans and other consequences. One of the first to report the bug was the Twitter account Tez2.

On the GTA Online subreddit, users were advised not to log in until Rockstar Games releases a patch, as the exploit is already circulating online and could permanently corrupt accounts.

According to Bleeping Computer, the situation may be the work of North GTA Online, a cheat developer that added new “features” related to the vulnerability on January 20.

The developer said it removed the dangerous features the next day and apologized for the unexpected chaos this caused.

Nevertheless, experts warned of the potential for partial remote code execution via the bug. This could lead to the compromise of accounts and of any computer on which the game is running.

Representatives of Rockstar Games have not commented on the incident yet.

More than 100,000 social accounts of Dragonbridge hackers blocked

Hundreds of thousands of accounts tied to the Chinese hacking group Dragonbridge have been blocked by Google Threat Analysis Group.

The group, known since 2019, purchases Google accounts from major vendors and uses them to spread disinformation.

Despite the scale of the operation and the vast amount of content, Dragonbridge attracts almost no real audience. The majority of the group’s YouTube channels had no subscribers, and 83% of videos had fewer than 100 views.

View counts on disabled Dragonbridge YouTube channels. Data: Google Threat Analysis Group.

Experts note that one of Dragonbridge’s objectives is to promote pro-China views on the coronavirus pandemic, criticise democratic protests, and support a closer union with Taiwan.

Also on ForkLog:

  • Russians began buying data to circumvent blocks on Bitcoin exchanges.
  • Media: Bithumb owner is wanted; raids were carried out at the exchange’s offices.
  • Robinhood Twitter account was hacked to promote scams.
  • NFT worth $1 million stolen from Moonbirds founder.
  • Five illegal Bitcoin exchanges were shut down in Kazakhstan.
  • Changpeng Zhao: FTX paid $43 million for a FUD campaign against Binance.
  • Media: Binance processed Bitcoin transactions totaling $346 million for Bitzlato.
  • FBI accused Lazarus Group and APT38 of hacking the Horizon bridge for $100 million.
  • The Wormhole hacker moved assets totaling $157 million.
  • Europol: Bitzlato exchanged more than $1 billion in assets tied to crime.
  • Coinbase executive spotted possible insider trading on Binance.
  • Users of Tornado Cash offered a way to prove the legitimacy of the funds’ origins.
  • Cardano network outage affected half of the nodes.

What to read this weekend?

We invite you to read experts’ forecasts on potential cybersecurity threats and the future of freedom of expression in 2023.
