Gwent‘s source code has already allegedly leaked, and it could be the beginning.
To recap the events: CD Projekt RED‘s (CDPR onwards) internal network was compromised > the attackers demanded money or they would leak all the source code they have stolen > CDPR refused to strike a deal with them > the hackers prepare for an auction… and that’s the story so far.
Cybernews, „a research-based online publication” that focuses on digital security, wrote that the source code of Gwent, CDPR’s card game, was posted to a hacking website on February 10 with the title „CDProject Leak #1.” The links to Mega and 4chan have been disabled since, but the site got a copy of the archive, claiming the metadata indicates the package was taken on February 6, two days before CDPR „became aware” of the attack.
However, #1 suggests that more leaks are to follow, and the second leak might have happened yesterday. CyberNews added that the author of the forum post linking to the leaked data has previously written about the open-source ransomware Cobalt Strike. Luca Mella, a cybersecurity expert, told CyberNews that he believes the perpetrator is related to the ransomware group HelloKitty, echoing thoughts expressed shortly after the hack by Emisoft chief technology officer Fabian Wosar.
„This could mean the group is quite new and potentially growing fast after the compromise of such a high-value victim. Many other younger affiliate may join their operations after this. CD Projekt is really popular and widely discussed among underground and gaming communities,” Mella said, adding that the archive has already been downloaded by many others, some of whom are now trying to extort their payments. And there was that auction we mentioned the other day. Even the entry fee is expensive: you need to pay 0.1 Bitcoin just to participate.
That is roughly 4800 dollars!