Cyber Incident Victim: Xbox Live
Date:
Feb 2015
Location:
United States of America
Summary
A hacking group known as Lizard Squad, collaborating with associates from Like No Other (LNO), conducted distributed denial-of-service (DDoS) attacks against Microsoft's Xbox Live gaming network and Daybreak Games, causing widespread connection issues and service disruptions. The group, which had previously targeted similar online platforms and faced law enforcement actions including member arrests, reemerged to disrupt operations, notably affecting Daybreak's newly released multiplayer game. The attacks prompted public claims of responsibility via social media, with the group celebrating the visibility of their actions. This incident followed historical conflicts between the group and Daybreak's leadership, including prior disruptive activities against the studio under its former ownership.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
In February 2015, hacking group Lizard Squad reemerged with distributed denial-of-service (DDoS) attacks targeting Microsoft's Xbox Live service and Daybreak Games, the studio formerly known as Sony Online Entertainment. The attacks began over the weekend preceding February 17, initially disrupting Daybreak Games' servers and causing connection issues for multiple online games, including the newly released H1Z1 zombie survival MMO. Daybreak Games President John Smedley publicly acknowledged the DDoS attack, prompting a response from a Twitter account using Lizard Squad's branding (@LizardPhoenix) that referenced prior conflicts between the group and Smedley. This interaction followed a 2014 incident where Lizard Squad sent a bomb threat to a commercial flight carrying Smedley while he was president of Sony Online Entertainment. The studio had since been sold to investment firm Columbus Nova and rebranded as Daybreak Games prior to the 2015 attack.
On Sunday, February 15, the same Lizard Squad-associated Twitter account claimed responsibility for an Xbox Live outage, announcing the attack was conducted with assistance from another group called Like No Other (LNO). The group specifically referenced Twitter handles @LNOuNiTy, @LNOVenom, @Guidelines, and @we_are_lno as collaborators. The disruption caused "Xbox" to trend worldwide on social media, which Lizard Squad highlighted in a celebratory tweet stating "We're back." This marked a resurgence for the group following recent setbacks, including the January 2015 compromise of their LizardStresser DDoS-for-hire tool and the arrests of two alleged members in preceding months. The Xbox Live attack continued Lizard Squad's pattern of targeting gaming platforms, building upon their August 2014 DDoS attacks against PlayStation Network and Christmas 2014 attacks against both PlayStation Network and Xbox Live that caused extended service interruptions during peak gaming periods. No specific technical details about attack vectors or mitigation efforts by Microsoft or Daybreak Games were disclosed in available reporting.