On Feb. 27, threat actors known as Mogilevich claimed on the dark web they had quietly launched an attack on Epic Games’s systems, Bleeping Computer reported.
Though malicious groups in the past have had success targeting gamers and game companies, this particular breach, it turns out, was part of a scam allegedly worth thousands of dollars.
“Yes, the claim was false,” one of the scammers, who goes by the name Pongo, told IT Brew in an email. “Many journalists [and] reporters are saying we used this to scam Epic Games and others by faking the ransom. That’s not true; we used this to gain views quickly and to scam potential buyers and new people that wanted to work with our tools.”
Poker face. The group used the initial ransom note and buzz online to bring more attention to their site and (fake) ransomware services. By targeting Epic Games and one other company, they gained new victims to scam, claiming to have earned around $119,000 in this scheme. The group did not provide proof of its earnings.
At the time of Mogilevich’s first announcement about the Epic Games breach, Jake Jones, senior communications manager at Epic Games, told IT Brew in an email that they were investigating the situation, noting there was “zero evidence” to support the entity’s claims. Upon hearing of the breach, Epic Games reached out to Mogilevich “within minutes” to ask for proof. Mogilevich refused to do so, according to Jones.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Pongo said none of the databases listed on the group’s site were true, adding that Mogilevich “took advantage of big names to gain visibility as quickly as possible.”
What’s in a name? Pongo explained to IT Brew that the group liked Semion Mogivelich’s name, noting he’s one of the “biggest fraudsters in history.” Semion Mogivelich is a notorious criminal who is wanted by the FBI for his alleged involvement in a multi-million dollar fraud scheme that took place in the 90s.
Semion is believed to be living in Moscow, Russia, and he holds Russian, Ukrainian, and Israeli passports. Despite Semion’s origins, Pongo says the fraud group is not based in Eastern Europe.
Swap shop. According to Pongo, Mogilevich has sold access to eight “panel accesses” belonging to its non-existent private infrastructure, and the group has also used social engineering techniques to further its schemes. Pongo explains they’ve pretended to be buyers to fool access brokers into sending photo and video evidence of their access to systems or networks, which helps them boost credibility in pretending to offer ransomware as a service.
“Now the real question is? Why confess all this when we could just run away?” Pongo said. “This was done to illustrate the process of our scam. We don’t think of ourselves as hackers but rather as criminal geniuses, if you can call us that.”