Cyber Incident Victim: Apex Legends Global Series
Date:
Mar 2024
Location:
United States of America
Summary
A cyberattack compromised the competitive integrity of the Apex Legends Global Series tournament, forcing its postponement. Professional players were involuntarily granted cheat capabilities such as wallhacks and aimbots during matches, resulting in automatic bans by the game's anti-cheat system. The incident is suspected to involve exploitation of a remote code execution vulnerability, though the specific component—whether the game client, its anti-cheat software, or the underlying engine—remains unconfirmed; the anti-cheat provider denied vulnerabilities in its system. Such targeted interference disrupting live esports events is rare but mirrors past disruptions like DDoS attacks on other major tournaments.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 5 motives | 8 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 18, 2024, the Apex Legends Global Series (ALGS) Pro League tournament was disrupted during competitive matches by an apparent cyberattack targeting professional players. During separate matches, two competitors experienced unauthorized modifications to their game accounts. Noyan Ozkose (Genburten) of Dark Zero suddenly gained the ability to see opponents through walls ("wallhacks"), while Phillip Dosen (ImperialHal) of TSM involuntarily received automated aiming capabilities ("aimbot"). ImperialHal continued playing until tournament organizers terminated the server, but the game's anti-cheat system subsequently banned his account. His teammate Evan Verhulst (Verhulst) also received an automatic ban. Audio recordings from affected players indicated distress at the unexpected cheat activations, which compromised competitive integrity. Tournament administrators postponed the North American finals, citing this compromise. Developer Respawn Entertainment and publisher Electronic Arts (EA) did not immediately disclose technical details about the intrusion.
The gaming community speculated the attacker exploited an unpatched remote code execution (RCE) vulnerability, potentially within Apex Legends' game client, its Easy Anti-Cheat (EAC) system, or Valve's Source engine. Messages sent to AntiCheatPD, an X account monitoring game cheats, claimed an RCE exploit caused the incident, though no specific component was identified. EAC later stated its investigation found no evidence of an RCE vulnerability in its software, pledging continued collaboration with partners. Historical precedents include DDoS attacks disrupting 2015 DOTA 2 and League of Legends tournaments, but directly implanting cheats on players’ accounts during live competitions is exceptionally rare. Potential motivations include financial gain through betting markets, reputational damage to players or the game, or general disruption. Trend Micro had previously identified cheating tools, ransomware, and information stealers as top threats to esports professionals, warning of increasing targeting by malicious actors. The incident highlighted operational vulnerabilities in high-stakes esports environments despite existing anti-cheat measures and industry awareness of emerging threats.