Tuesday, May 24, 2022
  • BSides Prishtina 2022 – Shkumbin Saneja’s ‘Towards Zero Trust Architecture’
  • How often do you train on security awareness?
  • Does BYOD Hurt or Help Work-Life Balance? 
  • CyRC Case Study: Securing BIND 9
  • Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 382’

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Events
    • Upcoming Events
    • Upcoming Webinars
    • On-Demand Events
    • On-Demand Webinars
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About Us

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Malware Security Bloggers Network 

Home » Cybersecurity » Data Security » Operation ShadowHammer: Hackers planted malware code in video games

SBN

Operation ShadowHammer: Hackers planted malware code in video games

by Graham Cluley on April 25, 2019

Last month the world was reminded once again of the danger of supply chain attacks, as it was revealed that hackers had compromised the network of Taiwanese technology giant ASUS to push out a malicious software update to as many as one million laptops.

Cybersecurity Live - Boston

The attack, dubbed “Operation ShadowHammer” by security researchers, saw hackers successfully sign their malware with two of ASUS’s own digital certificates, increasing the chances that customers would not suspect anything awry.

Now the same security experts have uncovered evidence that the same attackers also targeted Asian video game software houses by poisoning developer tools, that left game players with trojanised code running on their computers.

The way in which the three video game developers came to have their systems compromised by the hackers are rather bizarre, and underline the difficulties that businesses can face in ensuring that they have an entirely secure supply chain.

Back in 2012, a company called Hammerpoint Interactive developed an open world zombie-shooting game called “The War Z, published by OP Productions on Steam.

The game’s debut was marred by controversy, with disappointed players ultimately offered refunds as the game failed to live up to its marketing claims. Things were so bad that the game has even made it onto Wikipedia’s list of the worst games of all time.

Eventually, perhaps attempting to hide away from the bad publicity, the game was renamed “Infestation: Survivor Stories”, but not before it was announced on April 4, 2013, that hackers had compromised the game’s servers after exploiting security vulnerabilities.

At the time it was reported that whoever hacked the video game’s servers had stolen the email addresses, character names, IP addresses and hashed passwords of forum members and players. But in addition, it appears that the game’s source code was also stolen, and (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/operation-shadowhammer-hackers-planted-malware-code-video-games/

April 25, 2019April 25, 2019 Graham Cluley Featured Articles, IT Security and Data Protection, Malware, ShadowHammer, supply chain, video game
  • ← Congress asks Google to explain why it tracks users’ ‘whole pattern of life’
  • The Most Common Types of Reported Emails →

TechStrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Most Read on the Boulevard

The True Danger for Organizations: Unpatched Vulnerabilities
US Lawmakers Seek Uniform Policy on Nation-State Cyberattacks
Staying Protected Against Ongoing Uncertainty
Cars in the Crosshairs: Automakers, Regulators Take on Cybersecurity
Flawed MFA Opens Doors to Ransomware
Cloud computing concentration and systemic risk
Insider Risk Management—A 7 Step Approach to Zero Trust (Part 1)
Create a JumpCloud-Managed VPN Using Pritunl
What Is TDD? How It Helps Businesses
New ‘pymafka’ malicious package drops Cobalt Strike on macOS, Windows, Linux

Upcoming Webinars

Thu 26

Challenges and Opportunities for Improving Secure Coding Practices

May 26 @ 3:00 pm - 4:00 pm
Tue 31

Leveraging a Cloud Data Platform to Respond to Cybersecurity Events

May 31 @ 11:00 am - 12:00 pm
Jun 01

The 2022 Guide to API Security

June 1 @ 11:00 am - 12:00 pm
Jun 01

Security From Code to Cloud and Back to Code

June 1 @ 1:00 pm - 2:00 pm
Jun 08

Beyond Unification: How CNAP Should Reduce Cloud Security Risk

June 8 @ 11:00 am - 12:00 pm
Jun 08

When Less Is More: Full Life Cycle Serverless Security

June 8 @ 1:00 pm - 2:00 pm
Jun 15

Top 5 Reasons Why Effective SDLC Security Controls Are So Difficult

June 15 @ 1:00 pm - 2:00 pm
Jun 21

Why Cloud-Native Applications and APIs Are at Risk

June 21 @ 1:00 pm - 2:00 pm
Jun 28

CISO Talk Master Class Episode: Catch Lightning in a Bottle – The Essentials: Bringing It All Together

June 28 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The State of Cloud Native Security 2020

Industry Spotlight

Cars in the Crosshairs: Automakers, Regulators Take on Cybersecurity
Cybersecurity Governance, Risk & Compliance Industry Spotlight IoT & ICS Security Security Awareness Security Boulevard (Original) Threat Intelligence 

Cars in the Crosshairs: Automakers, Regulators Take on Cybersecurity

May 23, 2022 Mike Hodge | Yesterday 0
Establishing a Root of Trust in Embedded Linux and IoT
Cybersecurity Endpoint Industry Spotlight IoT & ICS Security Security Boulevard (Original) Vulnerabilities 

Establishing a Root of Trust in Embedded Linux and IoT

April 18, 2022 Anita Buehrle | Apr 18 Comments Off on Establishing a Root of Trust in Embedded Linux and IoT
Attorney-Client Privilege and Email Privacy
Cybersecurity Data Security Identity & Access Industry Spotlight Network Security Security Boulevard (Original) 

Attorney-Client Privilege and Email Privacy

April 7, 2022 Mark Rasch | Apr 07 Comments Off on Attorney-Client Privilege and Email Privacy

Top Stories

Zola Wedding App ‘Hacked’ — Victims Lose BIG Money
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access Incident Response Mobile Security Most Read This Week Network Security News Popular Post Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Zola Wedding App ‘Hacked’ — Victims Lose BIG Money

May 24, 2022 Richi Jennings | 5 hours ago 0
Oracle Adds Services to Strengthen Cloud Security
Application Security Cloud Security Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight 

Oracle Adds Services to Strengthen Cloud Security

May 24, 2022 Michael Vizard | 6 hours ago 0
US Lawmakers Seek Uniform Policy on Nation-State Cyberattacks
Analytics & Intelligence Cyberlaw Cybersecurity Featured Governance, Risk & Compliance News Security Boulevard (Original) Threats & Breaches 

US Lawmakers Seek Uniform Policy on Nation-State Cyberattacks

May 20, 2022 George V. Hulme | 3 days ago 0

Security Humor

XKCD 'Angular Diameter Turnaround'

XKCD ‘Angular Diameter Turnaround’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Techstrong Research
  • Techstrong TV
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
  • Digital Anarchist
Powered by Techstrong Group
Copyright © 2022 Techstrong Group Inc. All rights reserved.