Cyber Incident Victim: Zombie Studios

Date: Jan 2011

Location: United States of America

Summary

A hacking group infiltrated multiple organizations, including Zombie Studios, the US Army, Microsoft, and other technology firms, stealing unreleased software, source code, pre-release video games, and military training applications. The attackers used SQL injection and stolen employee credentials to access networks, exfiltrating intellectual property and sensitive corporate financial data valued between $100 million and $200 million. Four individuals linked to the conspiracy faced charges including computer fraud, copyright infringement, and identity theft, with two pleading guilty to reduced charges carrying potential five-year prison sentences. The theft encompassed proprietary gaming assets and critical military systems but did not compromise customer information.

Description

Between January 2011 and March 2014, a hacking group known as 'Xbox Underground' conducted a series of intrusions targeting major technology companies and U.S. military systems. The four primary members—Nathan Leroux (20), Sanadodeh Nesheiwat (28), David Pokora (22), and Austin Alcala (18)—compromised networks belonging to Microsoft, Epic Games, Valve, Zombie Studios, and the U.S. Army. Attack methods included SQL injection attacks and the use of stolen employee credentials obtained from both direct company sources and software development partners. After gaining unauthorized access, the group exfiltrated unreleased software, proprietary source code, pre-release video games, and sensitive military applications. Specific stolen assets included intellectual property related to Microsoft’s Xbox One console and Xbox Live service, unreleased titles such as *Call of Duty: Modern Warfare 3* and *Gears of War 3*, and Apache helicopter simulation software used for military pilot training. The U.S. Department of Justice estimated the total value of stolen intellectual property between $100 million and $200 million. Financial and sensitive corporate data from victim organizations were also taken, though no customer information was compromised during the breaches.

A federal grand jury in the District of Delaware indicted all four individuals on April 23, 2014, on 18 criminal counts including conspiracy to commit computer fraud, copyright infringement, wire fraud, mail fraud, identity theft, and theft of trade secrets. Additional charges covered aggravated identity theft, unauthorized computer access, and individual copyright and wire fraud violations. By October 2014, Pokora and Nesheiwat had pleaded guilty to conspiracy charges related to computer fraud and copyright infringement, facing potential sentences of up to five years in prison with sentencing scheduled for January 2015. An Australian national linked to the conspiracy faced separate charges. U.S. Attorney Charles M. Oberly III emphasized the severity of the crimes, stating that digital intrusions and intellectual property theft represented significant threats beyond mere nuisance offenses. The prosecution highlighted the multi-year duration of the attacks and the involvement of military systems as aggravating factors. No public statements from victim organizations regarding technical remediation efforts were documented in the available materials.