Cyber Incident Victim: Microsoft
Date:
Jan 2011
Location:
United States of America
Summary
A group of hackers infiltrated Microsoft's networks and other technology firms as well as US Army servers, stealing unreleased software, source code, pre-release video games, and military training software through SQL injection attacks and compromised employee credentials. The stolen intellectual property, including proprietary technology and Apache helicopter simulation tools, was valued between $100 million and $200 million. Four individuals linked to the 'Xbox Underground' ring faced multiple charges including conspiracy to commit computer fraud, copyright infringement, and theft of trade secrets, with two members pleading guilty to reduced charges. The incident highlighted significant breaches of corporate and military systems, resulting in substantial financial and operational impacts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 5 actors | Available to members | Available to members |
Description
Between January 2011 and March 2014, four individuals associated with the 'Xbox Underground' hacking ring—Nathan Leroux (20), Sanadodeh Nesheiwat (28), David Pokora (22), and Austin Alcala (18)—infiltrated the networks of Microsoft, the US Army, and technology companies including Epic Games, Valve, and Zombie Studios. The attackers employed SQL injection attacks and utilized stolen employee credentials, including those from software development partners, to gain unauthorized access. Once inside these systems, they exfiltrated unreleased software, proprietary source code, copyrighted material, and pre-release video games such as 'Call of Duty: Modern Warfare 3' and 'Gears of War 3.' Specific targets included intellectual property related to Microsoft’s Xbox One console and Xbox Live online platform. The group also compromised US Army servers, stealing Apache military helicopter training software. Financial data and sensitive corporate information were taken, though customer data remained unaffected. The US Department of Justice later estimated the value of stolen intellectual property between $100 million and $200 million.

On April 23, 2014, a federal grand jury in Delaware charged all four individuals with 18 criminal counts, including conspiracy to commit computer fraud, copyright infringement, wire fraud, mail fraud, identity theft, and theft of trade secrets. Individual charges included aggravated identity theft, unauthorized computer access, and wire fraud. By October 2014, Pokora and Nesheiwat had pleaded guilty to conspiracy charges, facing sentences of up to five years in prison, with sentencing scheduled for January 2015. An unnamed Australian national linked to the conspiracy was also charged separately. US Attorney Charles M. Oberly III publicly condemned the breaches, emphasizing the severity of digital theft targeting government and corporate networks. The prosecution highlighted the use of stolen credentials and SQL injections as primary attack vectors, underscoring the operational sophistication of the group despite the young ages of its members. No details regarding Microsoft’s or the Army’s internal detection methods or containment procedures were disclosed in the indictment.
