Menu
Browse

Cyber Threat Actor: PoodleCorp

Actor Type Location Known Incidents
 Icon
Sensationalist
United States of America
14 incidents
Profile

PoodleCorp is a hacker group that operates under the alias PoodleCorp and has been publicly linked to the United States of America. The actor is known for collaborating with the Phantom Squad collective during several high‑profile disruption campaigns. Their primary focus has been on online gaming platforms, including Steam, Origin, Battle.net, PlayStation Network, GTAOnline, Pokémon Go, League of Legends and Electronic Arts services, as well as popular YouTube channels such as WatchMojo, Redmercy, LeafyIsHere and Lilly Singh. Public statements and attack claims indicate that the group’s strategic objective is to cause service disruption and to gain notoriety through social‑media engagement, often demanding a specific number of retweets before ceasing an attack. No evidence of state sponsorship, financial gain or espionage motives appears in the sourced material.

Observed tactics involve the use of distributed denial‑of‑service flooding to overwhelm target networks, accompanied by public claims on Twitter that link the attack to the group’s handle. In several incidents PoodleCorp conditioned the cessation of the DDoS on achieving a retweet threshold, demonstrating a reliance on social‑media pressure as part of their operational flow. Apart from network flooding, the actor has demonstrated account‑takeover capabilities against YouTube channels, renaming uploaded videos, inserting hacker messages and temporarily controlling associated social‑media accounts. Notable public operations include the December 2016 holiday‑season DDoS wave that simultaneously disrupted Steam, Origin and Battle.net services, the August 2016 series of attacks on Blizzard’s Battle.net, Pokémon Go, GTAOnline and PlayStation Network, and the June‑July 2016 hijacking of multiple prominent YouTube channels where video titles were altered to display “hacked by twitter.com/poodlecorp”. These actions collectively illustrate a pattern of disruption‑focused activity centered on gaming and content‑creation platforms, carried out through DDoS pressure and credential‑based account compromise.

Incidents
Attributed incidents available to members
14 incidents
Sources
Sources available to members
8 sources