Suspected Chinese hackers are targeting Southeast Asian online gambling sites, and the campaign appears to go beyond merely stealing money. According to a report, it started in May 2019.
Dubbed DRBControl, the adversary behind the attacks is using a broad range of tools for cyber espionage purposes, including publicly available and custom utilities for elevating privileges, moving laterally within a compromised environment, and exfiltrating data.
What are Online Gambling Sites?
Usually, these online gambling sites partner with online software companies that provide the casino games. One example is World Match Casino, which specializes in designing and producing quality online casino games for top online casinos around the world.
However, in most parts of the world online gambling is considered illegal, and most countries strictly prohibit gambling as a whole. Some Southeast Asian countries are the exception, allowing gambling in many forms, including online gambling.
How are the Southeast Asian Online Gambling Sites Targeted?
It began when the hackers targeted a Philippine-based company's support team via a spear-phishing email. The email asked the recipients to open a .DOCX file to view a display error that a customer was supposedly experiencing.
Upon opening this file, the document dropped an embedded executable that installs malware via two previously undisclosed backdoors. Later versions have a backdoor that uses the Dropbox file hosting service as its command-and-control channel.
Once compromised, a user's computer is pillaged for passwords, databases, source code, and other proprietary technical information, while other malware is installed for future operations.
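Two endpoint detection rules that map onto the chain just described, an Office document starting an executable and a non-browser process reaching Dropbox, run over constructed telemetry. This is an added example, not code from the article or from Trend Micro's report; the event field names, the sample process names and the Dropbox host list are assumptions made here.

```python
# Added example (not from the article or Trend Micro's report): two detection
# rules for the chain described above, run over constructed endpoint telemetry.
# Assumptions: events are dicts with the fields shown; the Dropbox host names
# are the ones a Dropbox-backed backdoor would plausibly contact (assumed here).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}
DROPBOX_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com", "www.dropbox.com"}

def office_spawned_executable(event):
    """Rule 1: an Office process starting a new executable, which is what a
    document carrying an embedded installer looks like on the endpoint."""
    if event["type"] != "process":
        return False
    parent = event["parent"].lower()
    image = event["image"].lower()
    return parent in OFFICE_APPS and image.endswith(".exe") and image not in OFFICE_APPS

def non_browser_dropbox_contact(event):
    """Rule 2: a process other than a web browser talking to Dropbox, which is
    how a backdoor abusing the service as its C2 channel would surface."""
    if event["type"] != "network":
        return False
    return event["host"].lower() in DROPBOX_HOSTS and event["image"].lower() not in BROWSERS

def triage(events):
    """Return (rule name, event) pairs for every event a rule fires on."""
    alerts = []
    for ev in events:
        if office_spawned_executable(ev):
            alerts.append(("office_spawned_executable", ev))
        if non_browser_dropbox_contact(ev):
            alerts.append(("non_browser_dropbox_contact", ev))
    return alerts

# Constructed telemetry: a benign document open, a document dropping an
# installer, a browser visit to Dropbox, and a backdoor-style Dropbox beacon.
SAMPLE_EVENTS = [
    {"type": "process", "parent": "explorer.exe", "image": "winword.exe"},
    {"type": "process", "parent": "winword.exe", "image": "update_helper.exe"},
    {"type": "network", "image": "chrome.exe", "host": "www.dropbox.com"},
    {"type": "network", "image": "update_helper.exe", "host": "api.dropboxapi.com"},
]

if __name__ == "__main__":
    for rule, ev in triage(SAMPLE_EVENTS):
        print(rule, ev)
```

Only the second and fourth constructed events fire; the benign document open and the browser visit to Dropbox stay silent.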
Trend Micro is investigating this incident, and its research suggests links to a Chinese-led group of hackers known as Winnti, which has been targeting gambling sites for a decade or more.