Tuesday 23rd August 2022
IntSum – Week 33 | 15th – 19th August 2022
Key Issue: USD 6 million worth of in–game items stolen from CS.MONEY trading platform
Cybercriminals: Ransomware groups target organisations susceptible to downtime
Nation–State: Nation–state actors focus on facilitating military activity
This week, cybercriminals stole 20,000 skins (in–game items that change a character’s appearance) worth approximately USD 6 million from CS.MONEY. CS.MONEY is the largest item trading platform for the online multiplayer game Counter–Strike: Global Offensive (CS:GO).
The threat actors gained access to Mobile Authenticator files used for Steam authorisation and took control of bot accounts that contained the skins. They proceeded to transfer skins to their own accounts by issuing outgoing transaction offers, as well as to accounts of other users likely to hide their malicious activity. To further hinder attribution efforts, the threat actors generated false transaction messages mentioning other CS:GO item trading platforms that resembled the legitimate messages sent by the platform’s bots.
CS MONEY’s internal systems and website users alerted employees about the suspicious transactions and the website was taken offline to reset all authorisations to prevent further transactions. At the time of writing the platform remains offline, and the stolen skins have not yet been recovered, however, they are in trade–lock which prevents the further transfer of the items. Gaming–related platforms have previously been targeted in operations intended to steal credentials and in–game items
as they can be sold on other online marketplaces and forums. We assess that financially motivated cybercriminals will continue targeting platforms that manage digital assets worth significant sums of money.
Get our latest cyber intelligence insights straight into your inbox every week
Fill out the short form below to subscribe to our newsletter so that you never miss out on our cyber intelligence insights and news.