Hacking group Crimson Collective claims to have breached Nintendo’s topic files, attaching a screenshot of several folders as proof. Among them are production assets, dev previews, and backups.
There’s little information right now on how extensive the hack is, or what Crimson Collective intends to do with the data that it has allegedly obtained, but we can look to its recent attack on Red Hat for a rough idea. Only earlier this month, it breached the software company’s private GitHub repositories, alleging to have stolen 570GB of data, including authentication credentials for clients.
Interestingly, before this breach, Crimson Collective announced that it would deface Nintendo’s website.
Crimson Collective claims that it reached out to Red Hat through official channels to make extortion demands, likewise proving the breach with screenshots of internal folders, but was ultimately ignored. On October 2, the company acknowledged the breach, stating that it had contacted the appropriate authorities. It’s possible that, behind the scenes, Crimson Collective is attempting to make similar demands with Nintendo.
Crimson Collective Could Be Tied To LAPSUS$
In September, Crimson Collective also alleged that it had breached Claro Colombia, a telecommunications operator, stealing 50 million client invoices and financial files. Cybersecurity company Anomali suggests that the group are attempting to “establish credibility within the cybercriminal circles through high-profile attacks”, which would explain its targeting of Nintendo, by far the most high-profile of its targets in the span of just a few weeks.
What’s curious about these cases (as noted by cybercrime investigative journalist Brian Krebs) is that the Telegram posts from Crimson Collective were signed ‘Miku’, a nickname used by the UK-based 19-year-old LAPSUS$ and alleged Scattered Spider hacker Thalha Jubair, who is supposed to be remanded in custody pending trial.
Claro, the group’s first victim, was also targeted by LAPSUS$ in 2021, and during the Red Hat hack, they highlighted another LAPSUS$ victim – Vodafone. LAPSUS$ were no stranger to targeting video game companies, either, going after Ubisoft and Microsoft in 2022, while the hacker who leaked in-game GTA 6 footage was thought to be affiliated with the group.
Nintendo has not yet issued a statement, and until it does so, we cannot know the extent of the breach or the legitimacy of Crimson Collective’s claims.
First Appeared on
Source link
