Gala Lab Hacked by Chinese State-Sponsored Group: A Comprehensive Report



In a troubling incident, Gala Lab, the renowned developer behind popular MMORPGs such as FLYFF, has reportedly been hacked by a Chinese state-sponsored group. This cyberattack has raised significant concerns within the gaming community and the broader tech industry.

FlyFF player here working in the cybersecurity field. The developer of FlyFF has popped up on my radar in a professional setting, and I would like you to be aware of this piece of information that the devs will most likely never (willingly) tell you themselves.

The Breach

The attack was first reported on the Flyff Universe subreddit, where users shared details of the breach. The hackers managed to infiltrate Gala Lab's network, gaining access to sensitive data. This includes user information, game development files, and internal communications.

Gala Lab, developer of FlyFF, has been hacked by a Chinese state-sponsored group that security researchers have named APT41.

The FBI about APT41: https://www.fbi.gov/wanted/cyber/apt-41-group
The connection to FlyFF: https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust

“The DUSTTRAP malware and its associated components that were observed during the intrusion were code signed with presumably stolen code signing certificates. One of the code signing certificates seemed to be related to a South Korean company operating in the gaming industry sector.”

The certificate in question: “Subject: C = KR, ST = Seoul, L = Gangnam-gu, O = Gala Lab Corp., CN = Gala Lab Corp.”

In simplified terms, software developers use certificates for signing their software to ensure legitimacy. These signing certificates and the software source code are the most important intellectual property owned by software developers like Gala Lab.

Anyone who owns the certificates can sign software in the owner’s name, with an equal level of trust. If China has this certificate, it means that Gala Lab is either entirely compromised or complicit. The hackers have YOUR data!

What does this mean for FlyFF players?

  • Gala Lab is entirely hacked by a sophisticated hacker group funded by the Chinese government.
  • This hacker group can sign software pretending to be Gala Lab. (Do NOT install software from Gala Lab!)
  • Your data stored and processed by Gala Lab is not safe.
  • Data stolen from Gala Lab is being used in active attacks on companies in various sectors in (at least) Italy, Spain, Taiwan, Thailand, Turkey, and the UK.

We deserve answers and transparency from Gala Lab: demand them. Make your voices heard. Make it uncomfortable for them.

Vote with your money. Protect yourselves.

Do with this information what you will.
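
For defenders who want to act on the certificate subject quoted above, the following added example (not part of the original post or of the Google report) searches a signature inventory for files signed under that subject, whatever order or spelling the tool used to print it. The CSV columns Path, Status and Subject are an assumed export format, for instance built from Get-AuthenticodeSignature output, and every sample row is constructed.

```python
import csv, io, re

# Subject exactly as quoted on the page (OpenSSL-style rendering).
WATCH_SUBJECT = "C = KR, ST = Seoul, L = Gangnam-gu, O = Gala Lab Corp., CN = Gala Lab Corp."

# Windows tooling prints the state attribute as "S"; OpenSSL prints "ST".
ALIASES = {"S": "ST"}
# Split only on commas that start a new ATTR= pair, so "Corp., CN=" splits
# after the value rather than inside it.
_RDN_SPLIT = re.compile(r",(?=\s*[A-Za-z0-9.]+\s*=)")

def parse_dn(dn):
    """Return the DN as an order-insensitive frozenset of (ATTR, value) pairs."""
    pairs = set()
    for part in _RDN_SPLIT.split(dn):
        attr, sep, value = part.partition("=")
        if not sep:
            continue  # empty subject (unsigned file) or junk
        attr = attr.strip().upper()
        value = " ".join(value.strip().strip('"').split()).casefold()
        pairs.add((ALIASES.get(attr, attr), value))
    return frozenset(pairs)

def find_signed_by(inventory_csv, watch_dn=WATCH_SUBJECT):
    """List (path, status) for every row whose signer subject contains all
    attributes of watch_dn. Extra attributes on the row are tolerated."""
    watch = parse_dn(watch_dn)
    hits = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if watch <= parse_dn(row["Subject"] or ""):
            hits.append((row["Path"], row["Status"]))
    return hits

# Constructed sample inventory (paths and the third signer are made up).
SAMPLE = r'''Path,Status,Subject
C:\Games\Example\launcher.exe,Valid,"CN=Gala Lab Corp., O=Gala Lab Corp., L=Gangnam-gu, S=Seoul, C=KR"
C:\ProgramData\Example\svc.dll,Valid,"C = KR, ST = Seoul, L = Gangnam-gu, O = Gala Lab Corp., CN = Gala Lab Corp."
C:\Tools\Example\editor.exe,Valid,"CN=Example Software Ltd, O=Example Software Ltd, L=London, C=GB"
C:\Temp\Example\unsigned.exe,NotSigned,
'''

if __name__ == "__main__":
    for path, status in find_signed_by(SAMPLE):
        # A "Valid" status only proves who holds the key, not who built the file.
        print(f"REVIEW {path} (signature status: {status})")
```

A subject match is a lead for triage rather than proof of malice, because files genuinely built by the company carry the same subject and the page gives no serial number or thumbprint to narrow it further.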