Hackers used Slack to hack Electronic Arts computer systems

Hackers of a cybercriminal group that stole over 780 gigabytes of confidential data from Electronic Arts used the Slack messenger. The criminals hacked into the networks of the video game publisher by tricking one of its employees through a corporate messenger.

As a reminder, criminals stole the source code of the video game FIFA 21 and related matchmaking tools, as well as the source code of the Frostbite game engine, and other internal game development tools. According to the hackers, they managed to get 780 GB of data, which they put up for sale on various underground forums.

According to a member of the group, the criminal operation began with buying stolen cookies on the Internet for $ 10 and using them to gain access to the Slack channel used by employees of EA. Cookies can store credentials for specific users and potentially allow hackers to log into services on behalf of someone else. In this case, hackers were able to break into Slack EA using a stolen cookie.

The hackers then requested a multifactor authentication token from EA IT to gain access to EA’s corporate network. Once on the EA network, hackers gained access to EA’s service for compiling games. They successfully logged in and created a virtual machine giving them more information about the network, and then accessed another service and downloaded the game’s source code.

A representative of the hackers provided the publication with screenshots as confirmation of various stages of the hacking, including the Slack chats themselves. A spokesman for the hackers also provided Motherboard with a number of documents that they said were stolen in the hack. They include a selection of PlayStation VR stories, how EA creates digital stands in FIFA games, and papers on artificial intelligence in games.

I think you will also be interested in the article: How to avoid spam and phishing scams in email?