Game developer 2K hacked days after Rockstar hack and GTA6 leak

SECURITY

2K, a game developer owned by Take-Two Interactive Software Inc., has been hacked days after Rockstar Games Inc., another division of Take-Two, was also hacked, and footage from the upcoming “Grand Theft Auto 6” game was leaked online.

The hack of 2K, which publishes games such as “Borderlands,” “Civilization” and “Bioshock,” involved an unauthorized third party accessing the credentials of a vendor of the help desk platform used by the company. According to a warning published Tuesday by 2k, the unauthorized party sent “a communication to certain players containing a malicious link.”

Any players who have received the malicious link and who clicked on it are advised to reset user account passwords stored in their web browser and enable two-factor authentication wherever possible — while avoiding 2FA with text message verification. Players are also advised to install and run a reputable antivirus program and check their account settings to see if any forwarding rules have been added to their email accounts.

The compromise may be ongoing, with 2K saying that their support portal will “remain offline while we address this issue” and that it will let players know when support is available again.

Although 2K did not name the vendor, notably the company uses Zendesk Inc. for its support portal. It’s unknown if a Zendesk account was compromised or if the account belongs to another third-party vendor used by 2K, which also had access to the Zendesk-powered support portal.

Bleeping Computer reported Tuesday that the messages received by 2K users came from a fake 2K support representative called “Prince K.” The messages included an attached file named “2K Launcher.zip” hosted directly on 2ksupport.zendesk.com, which pretended to be a new game launcher. The zip file contained an unsigned file called “2k Launcher.exe” that included RedLine Stealer, a low-cost password stealer sold on underground forums.

“The depth of 2K Games breach is another cautionary tale of supply chain security,” David Maynor, senior director of threat intelligence at cybersecurity training company Cybrary Inc., told SiliconANGLE. “This compromise allowed the attackers to send official mail and hosting malware directly on their help desk server.”

Maynor added that the scope of the attack seemed limited only by the attackers’ imagination. “2K Games just released ‘NBA 2K23,’ a popular basketball franchise that brought extra scrutiny to the 2K Games support platform” he said.

Surja Chatterjea, head of product and alliances at enterprise cybersecurity solutions provider Skybox Security Inc., described the Redline Stealer malware as “highly sophisticated yet low-cost infostealer” that is notorious in the malware as a service economy for its widespread impact.

“Earlier in the year, there were reports of RedLine Stealer being installed on computers of unsuspecting victims via an Internet Explorer vulnerability on outdated browsers,” Chatterjea explained, adding that “companies must address vulnerability exposure risks before threat actors can exploit them.”

Image: 2K