Cyberattack gifts esports pros with cheats, forcing Apex Legends to postpone tournament

Virtual gunslingers forcibly became cheaters via mystery means

Updated Esports pros competing in the Apex Legends Global Series (ALGS) Pro League tournament were forced to abandon their match today due to a suspected cyberattack.

In the early hours of Monday morning, two professional Apex Legends players competing in two separate matches were forcibly given cheats on their accounts – events that have seen the tournament temporarily shut down. 

Noyan Ozkose (whose alias is Genburten) of the Dark Zero team was suddenly given the ability to see all opponents through walls, while Phillip Dosen (alias: ImperialHal) of the TSM team was also suddenly gifted the ability to aim automatically at his opponents without any manual application to the controller – an "aimbot."

Do not insert coin: Uni of Utah to dish out scholarships to ace video game players


ImperialHal remained in the game server until organizers shut it down, but was issued a ban by the game itself after it detected a cheat system running. Teammate Evan Verhulst (alias: Verhulst) also received a ban.

There is no suggestion the players were anything but horrified at being gifted the sudden "hacks," as the panicked audio in the linked Twitter feeds attest.

The community suspects that the attacker responsible for the intrusion exploited an unpatched remote code execution (RCE) vulnerability in the Apex Legends game.

This was backed up by messages sent from the alleged attacker to the individual behind AntiCheatPD, an X account that gathers information about video game cheats, claiming that the incident was caused by an RCE exploit.

The messages didn't specify the component of the game that was allegedly exploited. The community has been debating whether it could be in the Apex Legends game client itself or in the game's built-in anti-cheat mechanism (Easy Anti-Cheat).

Another possibility being discussed is that the vulnerability was in Valve's Source engine, a heavily modified version of which powers the game.

However, the scant communications from Apex Legends, developer Respawn Entertainment, or publisher Electronic Arts (EA), haven't answered anything in terms of technical specifics. It's still early days, after all.

"Due to the competitive integrity of this series being compromised, we have made the decision to postpone the NA finals at this time. We will share more information soon," Xeeted the Apex Legends Esports account.

El Reg asked EA's comms team for more information about whether a suspected RCE was exploited, or when a further update would arrive, but it didn't reply.

The incident - where competition was disrupted as a result of outside interference - is a rarity in the esports world.

In 2015, professional matches in DOTA 2 and League of Legends were also forcibly abandoned after DDoS attackers knocked players offline, rendering them unable to compete. This type of attack is more common against game servers themselves, rather than individuals, but it's not unheard of for professional esports players or streamers to get the same treatment.

Given that all major esports matches are freely streamed online, the disruption can be seen in real time. Also taking into account that bets can be placed on matches with major, legitimate bookmakers, there is entertainment and potentially financial incentives to carry out such attacks. Reputational harm to a player and/or the game could also be a motivator.

Cheating in esports has largely come from the players themselves, introducing cheat software to their systems to give themselves a competitive advantage.

There have been countless cases over the years that have led to professionals being banned from their respective games for varying lengths o time. Some, like former StarCraft world champion Lee Seung-hyun, were banned for life. 

Although he didn't use a technical, software, or hardware-based exploit, Lee was found guilty of taking payments to fix matches and subsequently banned from StarCraft esports forever.

Using illegal cheats has long been on the radar of video game professionals and made security shop Trend Micro's top three concerns for pro players back in 2019, alongside ransomware and information stealers.

"After analyzing esports underground markets and seeing the services and technology available, there is no doubt that the esports industry will be heavily targeted by malicious actors going forward," Trend Micro said at the time.

"Luckily, gaming companies and tournament organizers are already aware of their status as targets, and are always on the lookout for new cheating techniques and tools. There are also new security features being developed for the industry, as well as different anti-cheat services dedicated to keep esports fair. 

"But, for all the targets involved, there needs to be a more comprehensive awareness on the specific threats involved in these competitions. This can help them build better defenses and find more effective security solutions." ®

Updated at 14.59 on March 18, 2024, to add

Easy Anti-Cheat, the anti-cheat software used by ApexLegends, said in a statement on X: "We have investigated recent reports of a potential RCE issue within Easy Anti-Cheat. At this time - we are confident that there is no RCE vulnerability within EAC being exploited. We will continue to work closely with our partners for any follow up support needed."

Send us news

NHS Digital hints at exploit sightings of Arcserve UDP vulnerabilities

When PoC code is released within a day of disclosure, it's only a matter of time before attacks kick off

Microsoft's Brad Smith summoned by Homeland Security committee over 'cascade' of infosec failures

Major intrusions by both China and Russia leave a lot to be answered for

Cybersec chiefs team up with insurers to say 'no' to ransomware bullies

Guidebook aims to undermine the criminal business model

British Library's candid ransomware comms driven by 'emotional intelligence'

It quickly realized ‘dry’ progress updates weren’t cutting it

Three cuffed for 'helping North Koreans' secure remote IT jobs in America

Your local nail tech could be a secret agent for Kim’s cunning plan

Uncle Sam urges action after Black Basta ransomware infects Ascension

Emergency ambulances diverted while techies restore systems

Europol confirms incident following alleged auction of staff data

Intelligence-sharing platform remains down for maintenance

Cybercriminals hit jackpot as 500k+ Ohio Lottery lovers lose out on their personal data

Not a lotto luck for these powerball hunters

US faith-based healthcare org Ascension says 'cybersecurity event' disrupted clinical ops

Sources claim ransomware is to blame

One year on, universities org admits MOVEit attack hit data of 800K people

Nearly 95M people in total snagged by flaw in file transfer tool

Google takes shots at Microsoft for shoddy security record with enterprise apps

Also, feds who switch to Google Workspace for 3 years get an extra year for free

Cops finally unmask 'LockBit kingpin' after two-month tease

Dmitry Yuryevich Khoroshev's $10M question is answered at last