Cyber Incident Victim: Electronic Arts Inc.
Date:
Dec 2015
Location:
United States of America
Summary
Phantom Squad, a hacking group, launched distributed denial-of-service (DDoS) attacks against a major gaming company's servers, causing extended downtime and prompting an official apology. The group expanded its assaults to target the PlayStation Network and other gaming platforms, resulting in intermittent service disruptions. Supported by affiliated groups VandaSec and PhantomSec, the attackers previously tested similar methods against multiple online games and networks, demonstrating a pattern of disruptive activities. The incident also involved claims of collaboration with a former member of a known threat group, amplifying operational capabilities. Service stability fluctuated as engineers worked to mitigate the attacks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Phantom Squad, a hacking group that had publicly announced plans to conduct distributed denial-of-service (DDoS) attacks against Xbox Live and PlayStation Network (PSN) between December 24 and December 31, 2015, initiated its campaign by targeting Electronic Arts (EA) servers on December 24. The group had conducted smaller-scale DDoS attacks against both Xbox Live and PSN earlier in December, though these caused only brief service interruptions. Prior to the Christmas Eve attack, Phantom Squad had also tested its capabilities against Valve's Steam network and specific game servers for *Star Wars: The Old Republic*, *Grand Theft Auto 5*, *Call of Duty: Black Ops 3*, and *Call of Duty: Black Ops 2*, with all test attacks being short-lived. The December 24 assault on EA’s infrastructure proved more severe, causing a three-hour outage that prompted EA to acknowledge the disruption publicly via Twitter and issue an apology to customers. Following EA’s admission, Phantom Squad ceased the attack on EA and immediately redirected efforts toward PSN, announcing the shift on Twitter. Initial reports indicated sporadic PSN connectivity issues, though service remained intermittently accessible with no confirmed downtime listed on Sony’s official status page at the time of the first update.
By late evening on December 24 (23:30), PSN began experiencing more pronounced disruptions, particularly affecting PlayStation 4 users. EA’s status page confirmed difficulties launching games, applications, and online features, with engineers actively working to resolve the issues. During the incident, Phantom Squad revealed via Twitter that @RootedExploit, a former member of the LizardSquad hacking group, had joined their ranks. The attacks aligned with Phantom Squad’s stated objective of disrupting gaming services during the holiday period, mirroring tactics employed by LizardSquad during the previous year’s Christmas season. Two additional groups, VandaSec and PhantomSec, publicly endorsed Phantom Squad’s campaign, though their direct involvement in the December 24 attacks was not explicitly detailed. The EA server outage represented the most significant confirmed impact, while PSN’s intermittent instability demonstrated the group’s ability to target multiple platforms sequentially. No remediation steps beyond EA’s public acknowledgment and engineer mobilization were documented in the available reporting.