Cyber Threat Actor: New World Order
| Actor Type | Location | Known Incidents |
Insider - Disgruntled
|
United States of America
|
0 incidents |
|---|
Profile
The threat actor known publicly as New World Order, also referenced by the nickname Codey, is associated with the United States of America based on available reporting. This actor emerged as a former administrator of the Club Penguin Rewritten online gaming platform, a service aimed at children aged six to fourteen. The individual’s involvement with the platform ended after a contentious departure in February 2018, during which allegations of stalking, harassment and threats were made against staff. Despite the exit, the actor retained access to internal systems through concealed PHP files that functioned as a backdoor, allowing continued interaction with the site’s database. The primary sector targeted by this actor is the online gaming industry, specifically platforms that host virtual economies and user‑generated content. The strategic objective demonstrated in the observed activity was financial gain, achieved by exfiltrating login credentials, IP address logs and rare virtual items that could be exchanged for real‑world currency. No explicit mention of espionage, disruption or state‑directed goals appears in the source material, so the focus remains on monetization of stolen data.
The actor’s tactics, techniques and procedures involved inserting malicious PHP code among legitimate files to avoid detection, thereby exploiting legitimate administrator privileges as the initial access vector. No specific malware families or custom tooling suites are described in the reporting, indicating reliance on simple web‑shell style scripts rather than advanced frameworks. The backdoor enabled the actor to retrieve bcrypt‑hashed passwords, email addresses, usernames and approximately 2.9 million IP address logs related to registrations and logins. Notably, the actor attempted to damage records while extracting accounts holding valuable in‑game items, showing a dual intent to both profit and hinder recovery efforts. The most significant publicly reported operation linked to New World Order is the July 2019 breach of Club Penguin Rewritten, which compromised roughly four million accounts and was later added to the Have I Been Pwned database. An earlier incident from January 2018, disclosed only after a year, exposed about 1.7 million unique email addresses and credential hashes, suggesting a pattern of repeated exploitation of the same platform. Attribution to any criminal consortium, state sponsor or broader affiliate network is not established in the available sources, and the actor appears to have acted independently based on the described circumstances. No further campaigns or additional victim sectors are documented, limiting the profile to the confirmed activities surrounding the Club Penguin Rewritten incidents.
