Tuesday 23rd August 2022

IntSum – Week 33 | 15th – 19th August 2022

Key Issue: USD 6 million worth of in-game items stolen from CS.MONEY trading platform
Cybercriminals: Ransomware groups target organisations susceptible to downtime

Nation-State: Nation-state actors focus on facilitating military activity


Key Issue:

This week, cybercriminals stole 20,000 skins (in-game items that change a character’s appearance) worth approximately USD 6 million from CS.MONEY. CS.MONEY is the largest item trading platform for the online multiplayer game Counter-Strike: Global Offensive (CS:GO).

The threat actors gained access to Mobile Authenticator files used for Steam authorisation and took control of bot accounts that contained the skins. They then transferred skins to their own accounts by issuing outgoing transaction offers, and also to the accounts of other users, likely to hide their malicious activity. To further hinder attribution efforts, the threat actors generated false transaction messages that mentioned other CS:GO item trading platforms and resembled the legitimate messages sent by the platform’s bots.

CS.MONEY’s internal systems and website users alerted employees to the suspicious transactions, and the website was taken offline to reset all authorisations, preventing further transactions. At the time of writing, the platform remains offline and the stolen skins have not yet been recovered; however, they are in trade-lock, which prevents the further transfer of the items. Gaming-related platforms have previously been targeted in operations intended to steal credentials and in-game items, as they can be sold on other online marketplaces and forums. We assess that financially motivated cybercriminals will continue targeting platforms that manage digital assets worth significant sums of money.

