February 23, 2020 TamaraTam
Asian gambling operators have been facing serious threats recently. Several betting sites have been targeted by Chinese hackers who are looking not only for money but also have additional motives…
More About the Attack:
According to TrendMicro's investigation, the group responsible for this action was DRBControl (Dropbox Control). The firm defines it as an “advanced persistent threat actor include in a cyberespionage campaign targeting gambling operations” all around Southeast Asia.
TrendMicro started the original investigation in mid-2019. The firm was previously ed by a Philippines-based company active in performing incident response activities. In this case, the Philippine firm’s customer was targeted by hackers via a spear-phishing email. According to allegations, the email asked recipients to run a .DOCX file to view a screenshot that displayed certain errors the customer was facing.
As soon as the recipient opened the document, it dropped an executable file that installed malware via a pair of backdoors. However, additional versions of the malware included a backdoor that used the “Dropbox file hosting service as its command-and-control channel.”
These actions by Chinese hackers were more than sufficient to harm the security of Asian gambling sites. The targeted platforms were endangered because the perpetrators had an opportunity to steal all sensitive information including s, databases, codes and other technical data while installing additional malware for activities. According to TrendMicro's observation, the entire “campaign is used for cyberespionage or gaining competitive intelligence.”
The attacked platforms are all based in Southeast Asia. TrendMicro has mentioned that it was “made aware that Europe and the Middle East regions are also being targeted”. However, all these allegations cannot be proven…
The results show that the Chinese criminal group Winnti stands behind the attacks. The group has been known for attacking gambling sites for decades. There is evidence collected by Kaspersky Lab that the Winnti group has been performing attacks on video game operators since 2009. The main goal of the squad has been stealing in-game virtual currencies and selling them for real money…
The Asian gambling industry has been facing serious digital problems. There is evidence of government involvement in all these actions. North Korean officials have sponsored the procurement of hard currency with the of Bangladesh.
Source:
“Asian online gambling sites targeted by unknown hackers”, Steven Stradbrooke, calvinayre.com, February 19, 2020.
What an immense problem for South Asian operators! These actions are well-performed and executed… I am afraid that the online gambling world will become the target of additional hacker groups that are looking to disappear with tons of money…