
Cyber Incident Victim: Activision Blizzard

Date: Jun 2023

Location: United States of America

Summary

A distributed denial-of-service attack targeted Activision Blizzard, crippling its game servers for over ten hours. The incident prevented players from accessing and playing major titles such as Diablo IV, World of Warcraft, and Call of Duty by disrupting authentication and connection services. The company mitigated the attack but did not identify the responsible threat actor. This was one of several recent DDoS and phishing incidents impacting the victim.


Description

On June 25, 2023, Activision Blizzard, the developer of major video game titles including Diablo IV, World of Warcraft, and Call of Duty, was targeted by a significant distributed denial-of-service (DDoS) attack. The attack crippled the company's servers, which are essential for authenticating users and connecting them to games, rendering several of its most popular titles nearly impossible to play. The incident occurred during a summer weekend, a peak time for gaming activity, and was particularly impactful as it affected players who were engaging with the recently released Diablo IV. The inability to access online services caused widespread frustration among the gaming community.

The DDoS attack lasted for a prolonged duration, exceeding ten hours before it was ultimately mitigated by the company late on Sunday. Activision Blizzard communicated the nature of the incident and its resolution through an official statement posted on Twitter. The attack flooded Activision Blizzard's servers with a massive volume of traffic, a characteristic method of DDoS operations designed to overwhelm infrastructure and take services offline temporarily. While not considered a sophisticated or particularly damaging form of cyberattack in terms of data compromise, a successful DDoS can effectively disrupt online services and cause substantial operational downtime for the targeted organization.

This incident was not an isolated event for Activision Blizzard, as the company has been a frequent target of recent cyberattacks. Earlier in the same year, the company confirmed a separate security incident where hackers gained access to its internal systems. This prior breach was executed through a phishing SMS message sent to an employee, indicating a different threat vector than the DDoS attack. Furthermore, the company's servers had also been hit by a DDoS attack in September of the previous year, which similarly prevented numerous users from accessing games on their computers. The recurrence of such disruptive attacks highlights a pattern of targeting against the gaming giant.

The impact of the June 25th attack was amplified by the design of Activision Blizzard's games, which are always-online titles. Games like Diablo and Overwatch require a constant internet connection for users to play, even in single-player modes, making them inherently vulnerable to disruptions in server connectivity. This design philosophy has been a point of contention within the broader gaming community, drawing criticism due to global inequalities in internet access and speed. The inherent reliance on connectivity means that any server-side issue, whether malicious like a DDoS or simply due to peak traffic loads on weekends, directly prevents customers from using the products they purchased.

The consequences of the attack were primarily operational and reputational, causing extended service unavailability during a high-traffic period. No data breach or theft of customer information was reported as a direct result of this specific DDoS incident. The primary impact was the denial of service to a large global user base, preventing gameplay and disrupting the online experience for countless players. The company's response focused on mitigating the attack traffic and restoring service, which was accomplished after more than ten hours of effort. At the time of reporting, Activision Blizzard had not publicly identified the specific hacker group responsible for orchestrating the DDoS attack, and no entity had come forward to claim responsibility for it.

The incident serves as an example of the broader threat landscape facing the gaming industry. Beyond DDoS attacks, threat actors employ various other methods to target the large and trusting user base of online games. These methods include malware distribution and phishing attempts. For instance, around the same time period, cybersecurity researchers discovered a malicious installer disguised as a Super Mario game that was spreading the SupremeBot malware. Threat actors leverage the wide user base and general trust associated with game software to distribute malicious payloads. In another example from early June, a phishing campaign targeted Russian-speaking players of the multiplayer first-person shooter Enlisted, using a fake website that mimicked the official page to distribute ransomware. These complementary threats illustrate the diverse risks facing online gaming platforms and their communities, where disruptive attacks like DDoS operations are one part of a complex cybersecurity challenge.
