Threat Intelligence Report

Investigating a Russian Video Game Publisher Supply Chain Compromise (English)

EclecticIQ Fusion Center analysts observed an influx of uploads to VirusTotal of an executable named "playblackdesert.exe", associated with the Russian installation of Black Desert Online, a very popular South Korean massively multiplayer online role-playing game (MMORPG).

Report from EclecticIQ Fusion Center from Tuesday 28 May 2019.

Key Findings:

  • Analysts observed many similarities between a binary labeled "playblackdesert.exe" and the historic TTPs of the Winnti Group intrusion set.
  • The publishers of Black Desert Online in Russia, GameNet, have allegedly previously been targeted by the Winnti group.
  • Multiple other binaries issued by GameNet have been flagged as malicious, pointing to possible further compromise.


About EclecticIQ

EclecticIQ develops analyst-centric products that align our clients’ cybersecurity focus with their threat reality. The result is intelligence-led security, improved detection, prevention, and response.