Menu
Browse

Cyber Threat Actor: DerpTroll

Actor Type Location Known Incidents
 Icon
Criminal
United States of America
0 incidents
Profile

DerpTroll is an alias associated with a hacking ring known publicly as Xbox Underground, which operated primarily from the United States of America. The group consisted of four individuals ranging in age from 18 to 28 at the time of their indictment, with an additional Australian member linked to the conspiracy. Their activities spanned from January 2011 to March 2014, during which they conducted coordinated intrusions into multiple high‑profile networks.

The actors targeted sectors that included defense, specifically the U.S. Army’s Apache helicopter training software, and the video‑game industry, compromising Microsoft, Epic Games, Valve, and Zombie Studios. Their strategic objective, as evidenced by the prosecution, was financial gain through the theft of intellectual property, including unreleased games, source codes, and pre‑release titles, with an estimated value between $100 million and $200 million. They also accessed financial and other sensitive information belonging to the compromised companies, though customer data was not reportedly taken.

Notable tactics, techniques, and procedures referenced in the case involve the use of SQL injection exploits and the acquisition of stolen company employee usernames and passwords, some of which were obtained through software development partners. No specific malware families or custom tooling are described in the source material. The group’s affiliation is limited to the self‑identified Xbox Underground collective, with no publicly asserted state sponsorship or ties to larger criminal syndicates.

The operation culminated in a federal indictment charging the members with 18 counts, including conspiracies to commit computer fraud, copyright infringement, wire fraud, mail fraud, identity theft, and theft of trade secrets. Two of the defendants, David Pokora and Sanadodeh Nesheiwat, pleaded guilty to conspiracy to commit computer fraud and copyright infringement, facing up to five years in prison, while the others proceeded to trial. The case highlighted the legal consequences of large‑scale IP theft and underscored the reach of U.S. authorities in prosecuting transnational cybercrime.

Incidents
Attributed incidents available to members
0 incidents
Sources
Sources available to members
1 source