epressline.com
GTA 5 Source Code Leaked On Christmas
Grand Theft Auto 5 source code allegedly leaked on Christmas Eve.
The leak came just over a year after Rockstar Games was hacked and corporate data was stolen by members of the infamous Lapsus$ group.
The Lapsus$ hackers gained access to Rockstar’s internal Slack server as well as the company’s Confluence wiki, where they claimed to have obtained the source code and assets for both Grand Theft Auto 5 and Grand Theft Auto 6, including a test build of the game.
Links for downloading the source code were posted on Discord, a popular dark web website, as well as a Telegram channel that had been used by the same hackers to leak Rockstar data in the past.
‘Phil’, the channel owner of one of the Grand Theft Auto leak channels, posted links to the source code, along with a screenshot of a folder.
The ‘Phil’ channel owner also paid tribute to ‘Arion Kurtaj’, a notorious hacker who had previously leaked Grand Theft Auto 6 pre-release videos under the username ‘teapopperhacker’. Kurtaj was sentenced to indefinite hospital stay in the UK by a UK judge after hacking into both Rockstar and Uber in 2022.
Vx-underground, a security research group, claims to have spoken to a leaker on Discord who says the source code was released sooner than expected. The leaker says they received the source code in August, 2023.
The source code is believed to be legitimate, but BleepingComputer was unable to independently verify the authenticity of the leak. BleepingComputer reached out to Rockstar Games for comment on the leak, but did not get a response, likely because of the holiday season.
Lapsus$ hackers are well-known for their social engineering and SIM-switching attacks to break into corporate networks. Some of the companies they have been accused of targeting include Uber, Microsoft, Rockstar Games, Okta, Nvidia, Mercado Libre, T-Mobile, Ubisoft, Vodafone, and Samsung.
In many cases, the threat actors tried to blackmail the companies into not releasing the stolen data, which often included source code as well as customer data.
Due to the success of these attacks, the DHS Cyber Safety Review Board conducted an analysis of Lapsus$’s tactics and shared recommendations for preventing future attacks.
While Lapsus$ has been relatively quiet since its arrests, BleepingComputer has been told that some of its members are now thought to be part of the small but active hacking collective known as “Scattered Spider.”
Also Read
Like Lapsus$, Scattered Spider uses a variety of tactics to gain initial access to large organizations’ networks, including social engineering and phishing, as well as MFA fatigue and SIM swapping attacks.
