Cyber Incident Victim: Xbox Live
Date: Dec 2015
Location: United States of America
Summary
A hacker group named Phantom Squad executed a DDoS attack against Xbox Live, disrupting user access and subscription management functionalities. The group publicly claimed responsibility via social media and threatened extended outages over the holiday period for both Xbox Live and PlayStation Network, though the latter remained unaffected. Microsoft acknowledged the service disruptions and worked to restore access, and the group's Twitter account was suspended following its threats. Phantom Squad's actions mirrored prior attacks by Lizard Squad, which had similarly disrupted gaming services during a previous holiday season. Law enforcement investigations into such groups led to arrests, including a minor facing thousands of charges and several individuals linked to DDoS-for-hire services.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |

Description
On December 18, 2015, Microsoft's Xbox Live service experienced disruptions due to a distributed denial-of-service (DDoS) attack claimed by the hacker group Phantom Squad. Users reported difficulties logging into the service overnight, with additional issues affecting subscription management and purchase functionalities. Phantom Squad, operating under a name reminiscent of the prior Lizard Squad hacker collective, publicly claimed responsibility through its Twitter account, posting messages such as "Xbox Live #Offline" coinciding with the outage. The group had previously threatened via Twitter to disrupt both Xbox Live and Sony's PlayStation Network (PSN) during the Christmas period, potentially for up to a week, though PSN remained unaffected in this incident. Phantom Squad justified its actions with statements criticizing cybersecurity measures, including "Because cyber security does not exist" and "Some men just want to watch PSN and Xbox Live burn." Microsoft acknowledged the issues through its support portal, confirming login and subscription system problems and stating efforts to resolve them "ASAP," though no technical details about mitigation were disclosed. The group’s Twitter account was suspended shortly after the attack, halting further public threats.

The incident mirrored tactics used by Lizard Squad during its 2014 Christmas attacks on Xbox Live and PSN, which had severely disrupted online gaming services. Phantom Squad’s actions occurred amid ongoing law enforcement scrutiny of such groups; the FBI had previously investigated Lizard Squad for similar DDoS attacks, including strikes against 8chan and the UK’s National Crime Agency. Earlier in 2015, a 17-year-old linked to Lizard Squad faced 50,700 charges related to cybercrimes but avoided jail time, while six UK teens were arrested for purchasing DDoS services from the group. Microsoft restored Xbox Live functionality following the attack, though no arrests or legal actions specific to Phantom Squad were confirmed in the immediate aftermath. The disruption highlighted recurring vulnerabilities in gaming platforms to DDoS attacks during high-traffic periods.
