Infestation: Survivor Stories (fka The War Z)
Infestation: Survivor Stories game executable backdoored via supply chain
The executable for the online game Infestation: Survivor Stories (formerly The War Z) was reportedly recompiled with malicious code sometime between June and November 2018, in a compromise linked to the ShadowHammer/BARIUM APT group (also involved in the ASUS attack). This supply chain compromise aimed to surgically target users by their MAC addresses to collect system information. The compromised executables were signed with legitimate digital certificates. This record tracks Infestation: Survivor Stories specifically; related ShadowHammer game and ASUS compromises are tracked separately.
- Date: 2018-06-01 to 2018-11-30
- Category: Commercial
- Target Surface: Build/CI
- Insertion Phase: CI/CD
- Impact: Data theft
- Cause: Build system compromise (Attackers had access to source code or injected malware during compilation. Leaked source code and vulnerable production servers also implicated.)
What Was Affected
- Package: Infestation: Survivor Stories (fka The War Z)
- Component: Game
- Artifact type: binary archive
- Domain type: package host
- Domain: Electronics Extreme (Thailand-based author)
Compromised Versions
- Unknown specific game executable versions/patches
Incident Context
- Motive: Espionage
- Attribution: Nation-state
- Transitive: No
- Actor: BARIUM (APT17, Axiom, Deputy Dog, Winnti group)
- Actor Country: China
- Target Country: Global
- Observed Duration: 182 days
Evidence
Compromised Artifacts
- Compromised game executables (e.g., Infestation.exe) distributed via official game patches or downloads, potentially through platforms like Steam or direct publisher websites, between June and November 2018.
Current Artifacts and Analysis
External References
Source Data
Source record: proprietary/infestation/meta.yaml