Cyber Incident Victim: Microgame

Date: Feb 2023

Location: Italy

Summary

A ransomware group named Play targeted an Italian online gaming service provider, compromising its IT infrastructure and exfiltrating sensitive data, including personal identification documents, credit card information, client documents, and confidential agreements. The attackers published 5GB of stolen data on their leak site, threatening to release the full dataset unless their demands were met, indicating failed ransom negotiations. The victim, established in 1996 and licensed by Italy's gambling regulatory authority, faced significant operational and reputational risks due to the exposure of highly sensitive customer and business information. The incident underscores the disruptive potential of ransomware attacks, particularly against organizations handling large volumes of personal financial data.

CIA Posture: Available to members
Motives: 1 motive
Tactics, Techniques & Procedures: 2 techniques
Threat Actor: 1 actor
Type: Available to members
Location: Available to members

Description

On February 11, 2023, the ransomware group Play claimed responsibility for a cyberattack targeting Microgame S.p.A., an Italian remote gaming service provider founded in 1996 and regulated by Italy's Agenzia dei Monopoli (ADM). Play announced the breach on its data leak site (DLS), disclosing that it had accessed and exfiltrated sensitive corporate data. The group published an initial 5GB cache of compressed files on February 9, which purportedly contained confidential customer documents, identity cards, credit card information, client agreements, and other personal data. Play threatened to release additional data unless Microgame complied with unspecified demands, characterizing the leaked material as only a partial sample of the compromised information. The attackers explicitly tied further disclosures to Microgame's willingness to negotiate, consistent with standard ransomware extortion tactics where gangs pressure victims by incrementally publishing stolen data.

Microgame's infrastructure breach exposed customer financial details and identification documents, potentially impacting both individual privacy and corporate operations. As a licensed gaming platform provider handling sensitive user transactions, the compromise created regulatory risks under data protection laws and reputational damage within Italy's regulated gambling industry. Play leveraged its DLS as both an intimidation tool and verification mechanism, providing samples to prove their access while withholding the complete dataset. The incident exemplified ransomware groups' evolving double-extortion approach: encrypting systems while separately threatening data leaks. The source article contained no information about Microgame's incident response, decryption efforts, law enforcement engagement, or whether any ransom was paid. Similarly, technical specifics regarding initial access vectors, encryption methods, dwell time, or containment measures remained unreported in the source material. The public disclosure originated solely from Play's DLS posts, with no official statement from Microgame captured in the article at the time of publication.

Sources
1 source