Point Blank
Point Blank game executable backdoored via supply chain
The executable for the online game Point Blank was reportedly recompiled with malicious code sometime before 2019, in a compromise linked to the ShadowHammer/BARIUM APT group (also involved in the ASUS attack). This supply chain compromise likely aimed to collect system information from players. The compromised executables were signed with legitimate digital certificates. This record tracks Point Blank specifically; related ShadowHammer game and ASUS compromises are tracked separately.
- Date
- 2018-01-01 to 2019-03-11
- Category
- Commercial
- Target Surface
- Build/CI
- Insertion Phase
- CI/CD
- Impact
- Data theft
- Cause
- Build system compromise
What Was Affected
Package
Point Blank
Component
Game
Artifact type
binary archive
Domain type
package host
Domain
Official game websites/distributors (e.g., Zepetto Co. for Point Blank)
Compromised Versions
- Unknown specific game executable versions/patches for Point Blank
Incident Context
- Motive
- Espionage
- Attribution
- Nation-state
- Transitive
- No
- Actor
- BARIUM (APT17, Axiom, Deputy Dog)
- Actor Country
- China
- Target Country
- Asia
- Observed Duration
- 434 days
Evidence
Compromised Artifacts
- Compromised Point Blank game executables distributed via official game patches or downloads, potentially through platforms like Steam or direct publisher websites, prior to 2019.
Current Artifacts and Analysis
External References
Source Data
Source record: proprietary/point_blank/meta.yaml