Karlston
Posted February 10, 2021

Hackers auction alleged stolen Cyberpunk 2077, Witcher source code

Threat actors are auctioning the alleged source code for CD Projekt Red games, including Witcher 3, Thronebreaker, and Cyberpunk 2077, that they state were stolen in a ransomware attack.

Yesterday, CD Projekt suffered a ransomware attack where the attackers claim to have stolen unencrypted source code for Cyberpunk 2077, Witcher 3, Gwent, and an unreleased version of Witcher 3.

As part of the double-extortion attempt, the attackers threatened to release or sell the stolen data if CDPR did not pay the ransom.

This attack was later confirmed to be conducted by the HelloKitty ransomware group.

When disclosing the attack, CD Projekt stated that they would not give in to the ransom demands and are restoring from backups instead.

Threat actors begin to auction allegedly stolen data

Today, security researcher VX-Underground tweeted that the threat actors have started to auction what they claim is stolen data from the CD Projekt attack.

This data allegedly includes stolen internal documents, 'CD Projekt offenses,' and the source code for Cyberpunk 2077, Witcher 3, Thronebreaker, and an unreleased Witcher 3 version with raytracing.

[Image: Auction post for CD Projekt Red files]

The starting price for this auction is $1 million with bid increments of $500,000 and a 'blitz' or buy now price of $7 million.

To prove the stolen data's validity, the seller known as 'redengine' has shared a text file containing a directory listing from the alleged Witcher 3 source code.

Cyber intelligence firm Kela told BleepingComputer that they believe the auction to be legitimate due to the directory listing and the demand to use a middle man to handle the sale.

"The seller is requiring buyers to use a guarantor and have a deposit - this user is new to the forum, but we think that maybe this is a known user that just created a new account in order to prevent them from being traced by researchers."

"Additionally, the demand for using a middleman seems to be their way to ensure that there is no scam that will occur," Kela threat intelligence analyst Victoria Kivilevich told BleepingComputer.

Alleged Gwent source code released for free

A threat actor who claims to be part of the HelloKitty ransomware operation told BleepingComputer that the auction is only being held on the well-known cybercrime forum Exploit.in.

As part of this data leak and to further prove the data's validity, this threat actor released a 21 GB archive for free on hacker forums that allegedly contains the source code for the Gwent card game.

[Image: Directory listing of alleged Gwent source code]

BleepingComputer has not been able to verify if the source code is legitimate independently.

BleepingComputer has contacted CD Projekt to confirm if this leaked data is legitimate but has not heard back.

Source: Hackers auction alleged stolen Cyberpunk 2077, Witcher source code

Karlston
Posted February 11, 2021

Cyberpunk 2077 studio’s hacked data has reportedly been sold

The hackers say they received an offer outside of the auction

[Image: CD Projekt Red]

Hackers have reportedly sold the game source code and other information stolen from Cyberpunk 2077 and The Witcher 3 studio CD Projekt Red (CDPR). Cybersecurity firm Kela released screenshots of a post on the hacking forum Exploit allegedly posted by the attackers, saying that they’ve received an offer for the data from outside the forum. They added that they ended the auction at the request of the buyer. Cybersecurity Twitter account vx-underground subsequently confirmed that the auction had closed.

On Tuesday, CDPR disclosed it had been the victim of a ransomware attack in which hackers had collected “certain data” from the company. It posted a ransom note from the hackers, in which they claimed to have access to source code from the studio’s most popular games, as well as internal legal, HR, and financial documents. CDPR said it would not give in to the demands or negotiate with the hackers, even if that meant the stolen data would begin circulating online.

It is not known who purchased the data or how much it was sold for. However, the auction was thought to have included source code for Thronebreaker: The Witcher Tales spinoff, The Witcher 3, a ray-traced version of The Witcher 3, Cyberpunk 2077, and copies of the company’s internal documents. That’s according to screenshots posted by vx-underground. The auction followed a leak of the source code for CD Projekt Red’s virtual card game Gwent, which was verified by Vice.

Kela previously reported that the starting price for the auction was $1 million, with a buy-it-now price of $7 million. These terms were subsequently verified by vx-underground, too.

Although the hackers have not been officially named, one security researcher told Wired he believed it involved the use of the HelloKitty ransomware, which had also been used to hack a Brazilian power company called CEMIG.

A spokesperson from CD Projekt Red did not immediately return The Verge’s request for comment. However, earlier this week the company told Vice it is still “actively investigating” the incident.

Source: Cyberpunk 2077 studio’s hacked data has reportedly been sold