In a startling revelation, the source code for Grand Theft Auto 5 (GTA 5) has reportedly been leaked online just over a year after the notorious Lapsus$ hacking group infiltrated Rockstar Games and exfiltrated corporate data. The leak, which occurred on Christmas Eve, has reignited concerns about the security of major gaming companies and the persistence of sophisticated cybercriminals.
The Lapsus$ Hackers
The Lapsus$ hackers, infamous for their audacious attacks on high-profile targets, have once again made headlines. The initial breach in 2022 saw the group gain access to Rockstar Games’ internal systems, including their Slack server and Confluence wiki.
The hackers claimed to have stolen the source code and assets for both GTA 5 and the highly anticipated GTA 6, causing a significant stir in the gaming community. Some of the stolen content, including a testing build for GTA 6, was leaked on various online forums and Telegram channels.
On the Telegram channel dedicated to Grand Theft Auto leaks, a user known as ‘Phil’ shared links to download the stolen GTA 5 source code. The channel has a history of being a hub for leaked Rockstar data, and ‘Phil’ also paid tribute to Arion Kurtaj, the Lapsus$ hacker who previously leaked pre-release videos of GTA 6 under the pseudonym ‘teapotuberhacker.’ Kurtaj was recently sentenced to an indefinite hospital stay by a UK judge for his involvement in hacking both Rockstar and Uber.
In a message on the channel, ‘Phil’ expressed his admiration for Kurtaj, saying, “#FreeArionKurtaj He started all of this and ensured the leak would become public. I have immense respect for him. Miss you buddy.” He also encouraged users to review pinned messages from 2022 to see how the events unfolded, noting that Kurtaj was an active participant in the discussions.
The Lapsus$ group’s hacking spree in 2022 targeted several major corporations, including Uber, Microsoft, Okta, Nvidia, Mercado Libre, T-Mobile, Ubisoft, Vodafone, and Samsung. Their attacks typically involved social engineering and SIM swapping techniques to breach corporate networks, followed by attempts to extort companies by threatening to leak stolen data. The stolen data often included sensitive information such as source code and customer data.
Motivations Behind the Leak
The recent leak of the GTA 5 source code appears to have been motivated by a desire to combat scams in the GTA V modding community. According to security research group vx-underground, the leaker claimed they received the source code in August 2023. “Their motivation was to combat scamming in the GTA V modding scene, many people were allegedly scammed by people claiming to have the GTA V source code,” vx-underground reported.
While BleepingComputer reviewed the leaked code and found it to be legitimate, they could not independently verify its authenticity. Attempts to contact Rockstar Games for comment were unsuccessful, likely due to the holiday period.
The Continued Threat of Lapsus$
The Lapsus$ hackers have been relatively quiet since several members were arrested. However, reports suggest that some former members are now active in a new hacking collective known as Scattered Spider. This group employs similar tactics to Lapsus$, including social engineering, phishing, multi-factor authentication (MFA) fatigue, and SIM swapping attacks to gain access to corporate networks.
The success and notoriety of Lapsus$ have prompted the Department of Homeland Security (DHS) Cyber Safety Review Board to analyze their tactics and develop recommendations to prevent similar attacks in the future. Despite law enforcement efforts, the persistence and adaptability of these hackers highlight the ongoing challenges in securing digital assets against sophisticated cyber threats.