Chinese Hackers Go After Gambling Websites

A new Chinese APT group dubbed “DRBControl” has been targeting online gambling and betting platforms based in Europe, the Middle East, and Southeast Asia since May 2019, and its attacks on gambling and other online betting sites in Southeast Asia are still active.

DRBControl was once said to be attacking on behalf of China, but now appears to be hacking in its own interest. It has been found stealing source code and databases from victims rather than money.

According to two reports published by Talent-Jump and Trend Micro, attacks have been officially confirmed at gambling companies located in Southeast Asia, and additional attacks have been identified in Europe and the Middle East. Talent-Jump and Trend Micro say the hackers appear to have stolen company databases and source code, but not money, suggesting the attacks were espionage-focused rather than financially motivated cybercrime.

Interestingly, the group was using two previously unknown backdoors, a collection of known but upgraded malware strains, and a rich set of post-exploitation tools.

Their skills are above average and they have deployed an impressive arsenal of tools to run their attacks.

Trend Micro said the group's malware and operational tactics overlap with similar tools and tactics used by Winnti and Emissary Panda, two hacking groups that have conducted attacks over the past decade in the interests of the Chinese government.

It is unclear whether DRBControl is carrying out attacks on behalf of the Chinese Government, but this is not thought to be the case.

In August 2019, FireEye reported that some Chinese state-sponsored hacking groups are now carrying out cyber-attacks on the side, in their free time, for their own gains and interests, separate from their normal state-sponsored operations.

The recent attacks are neither complex nor unique with regard to the tactics used to infect victims and steal their data. Attacks start with a spear-phishing link sent to targets. Employees who fall for the emails and open the documents they received are infected with backdoor Trojans.

These backdoor Trojans are somewhat different from other backdoors because they rely heavily on the Dropbox file hosting and file sharing service, which they use as a command-and-control (C&C) channel and as a storage medium for second-stage payloads and stolen data, hence the group's name: DRopBox Control.

Typically, the Chinese hackers use the backdoors to download other hacking tools and malware, which they then use to move laterally through a company's network until they find databases and source code repositories from which they can steal data. The hackers have infected and kept track of around 200 computers through one Dropbox account, and another 80 through a second.

Attacks are ongoing, and the two security firms have published indicators of compromise (IOCs) in their reports that organisations can use to detect suspicious activity and malware. Between July and September 2019, DRBControl infected hundreds of computers: it is said to have compromised over 200 computers through one Dropbox account and another 80 through a second.
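The Dropbox-as-C&C pattern described above is something a defender can look for in egress proxy logs. The following is an added example, not code from either report: it parses constructed proxy-log lines (the log format, host names, the `DropboxDesktopClient/` user-agent prefix and the upload threshold are all assumptions) and flags hosts whose Dropbox API traffic does not look like ordinary desktop-client use.

```python
import re
from collections import defaultdict

# Constructed sample proxy log lines (not from the reports): timestamp, source
# host, destination host, HTTP method, quoted user agent, bytes sent by client.
SAMPLE_LOG = """\
2019-08-01T09:12:03Z ws-finance-07 api.dropboxapi.com POST "DropboxDesktopClient/83.4.152 (Windows)" 512
2019-08-01T09:12:09Z ws-finance-07 content.dropboxapi.com POST "DropboxDesktopClient/83.4.152 (Windows)" 20480
2019-08-01T09:14:41Z db-srv-02 api.dropboxapi.com POST "Mozilla/4.0 (compatible; MSIE 7.0)" 1024
2019-08-01T09:15:02Z db-srv-02 content.dropboxapi.com POST "Mozilla/4.0 (compatible; MSIE 7.0)" 9437184
2019-08-01T09:16:10Z ws-hr-11 www.example.com GET "Mozilla/5.0" 300
"""

DROPBOX_API_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com"}
# Assumed user-agent prefix of the sanctioned desktop client; take the real value from your own proxy records.
APPROVED_UA_PREFIX = "DropboxDesktopClient/"

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)" (\d+)$')

def parse_line(line):
    """Parse one proxy log line into a dict, or return None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, method, ua, sent = m.groups()
    return {"ts": ts, "src": src, "dst": dst, "method": method, "ua": ua, "sent": int(sent)}

def detect(log_text, server_prefixes=("db-", "srv-"), upload_threshold=1_000_000):
    """Return {source_host: [reasons]} for hosts whose Dropbox traffic fits a C2/exfiltration pattern."""
    findings = defaultdict(set)
    uploaded = defaultdict(int)  # cumulative bytes pushed to the content endpoint per host
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] not in DROPBOX_API_HOSTS:
            continue
        src = rec["src"]
        if not rec["ua"].startswith(APPROVED_UA_PREFIX):
            findings[src].add("non-client-user-agent")   # API use from something other than the client
        if src.startswith(server_prefixes):
            findings[src].add("server-host-talking-to-dropbox")  # servers have no business syncing files
        if rec["method"] == "POST" and rec["dst"] == "content.dropboxapi.com":
            uploaded[src] += rec["sent"]
            if uploaded[src] > upload_threshold:
                findings[src].add("large-upload")   # possible staged database / source dump leaving
    return {host: sorted(reasons) for host, reasons in findings.items()}

if __name__ == "__main__":
    for host, reasons in detect(SAMPLE_LOG).items():
        print(host, ", ".join(reasons))
```

Tune the user-agent prefix and server naming to your own environment; the rules are deliberately simple and meant to feed a triage queue, not to act as a blocking control.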

The group is capable of stealing information from the clipboard, creating network traffic tunnels, scanning for NetBIOS servers, dumping passwords and even carrying out brute-force attacks.

These are not the first attacks on online betting and gambling sites. In 2018, cyber-security firm ESET reported that North Korean hackers had attacked casinos in Central America, from which they are believed to have attempted to steal funds.

Sources: Operation Blockbuster, WeLiveSecurity, Talent Jump, Trend Micro, ZDNet, TechNadu, TechDator

