Chinese Hackers Go After Gambling Websites

A new Chinese APT group dubbed “DRBControl” has been involved in the targeting of online gambling and betting platforms based in Europe, the Middle East, and Southeast Asia, since May 2019. This infamous hacker group is actively attacking gambling and other online betting sites in South East Asia.

DRBControl was once said to be attacking behalf of China, but now is hacking on its own interest. It’s found to be stealing source codes and database from victims rather than money. .

According to two reports published by Talent-Jump and Trend Micro, hack-attacks have been officially confirmed at gambling companies located in Southeast Asia, and also additional hacks have been identifies as coming from Europe and the Middle East. Talent-Jump and Trend Micro say hackers appear to have stolen company databases and source code, but not money, suggesting the attacks were espionage-focused, rather than cybercrime motivated.

Interestingly, the group was using two unknown backdoors, a collection of known but upgraded malware strains, and a rich set of post-exploitation tools.

Their skills are above average and they have deployed an impressive arsenal of tools to run their attacks.

Trend Micro said the group's malware and operational tactics overlap with similar tools and tactics used by Winnti and Emissary Panda, two hacking groups that have conducted attacks over the past decade in the interests of the Chinese government.

It is unclear if DRBControl is carrying out attacks on behalf of the Chinese Governmnet, but this is not thought to the case.

In August 2019, FireEye reported that some Chinese state-sponsored hacking groups are now carrying out cyber-attacks on the side, in their free time, for their own gains and interests, separate from their normal state-sponsored operations.

The recent attacks are neither complex or unique in regards to the tactics being used to infect victims and steal their data. Attacks start with a spear-phishing link sent to targets. Employees who fall for the emails and open the documents they received are infected with backdoor Trojans.

These backdoor Trojans are somewhat different from other backdoors because they heavily rely on the Dropbox file hosting and file sharing service, which they use as a command-and-control (C&C) service and as a storage medium for second-stage payloads and stolen data, hence the group's name of DRopBox Control. 

Typically, the Chinese hackers will use the backdoors to download other hacking tools and malware that they'll use to move laterally through a company's network until they find databases and source code repositories from where they can steal data. The hackers have infected and kept track of around 200 computers through one Dropbox account, and another 80 through a second.

Attacks are ongoing, and the two security firms have published indicators of compromise (IOCs) in their reports that organisations can use to detect suspicious activity and malware. Between July and September 2019, DRBControl has infected hundreds of computers. It’s said to be hacked over 200 computers by using one Dropbox account and another 80 computers in another account.

The group is capable of stealing info from the clipboard, creating network traffic tunnels, scan NETBIOS servers, dump passwords and even carry a brute force attack.

These are not the first attacks on online betting and gambling sites. In 2018, cyber-security ESET reported that N. Korea hackers had attacked casinos in Central America from where they're believed to have attempted to steal funds.

Operation Blockbuster:    WeLiveSecurity:     Talent Jump:     Trend Micro:    ZDNet:     TechNadu:     TechDator

You Might Also Read:

China’s Dirty Secret - Intellectual Property Theft


 

« Japan Approves Home Grown 5G
Iranian Hackers Attack Corporate IT Networks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Carson & SAINT

Carson & SAINT

Carson & SAINT is an award-winning consulting firm with deep experience in cybersecurity technology, software, and management consulting.

CyberGuarded

CyberGuarded

CyberGuarded are an accredited vendor independent information security testing and auditing company.

Neupart

Neupart

Neupart provides Information Security Management System, Secure ISMS, allowing organisations to automate IT Governance, Risk and Compliance management.

Featurespace

Featurespace

Featurespace is a world-leader in Adaptive Behavioural Analytics and creator of the ARIC platform for fraud and risk management.

Cybersecurity Professionals

Cybersecurity Professionals

Search vacancies from top cyber security jobs worldwide on CyberSecurity Professionals. View IT security jobs or upload your CV to be seen by recruiters from industry leading firms.

Cytellix

Cytellix

Cytellix is an industry-standards-based, managed cybersecurity service provider, specializing in proactive behavioral analytics and situational awareness of an organization’s cyber posture.

JM Search

JM Search

JM Search’s Information Technology Executives Practice sources the most sought-after technology roles including CIO, CTO, CISO, CDO and other senior posts.

689cloud

689cloud

689Cloud is a cloud content collaboration platform that allows users to protect, track, and control files AFTER they have been shared.

SoloKeys

SoloKeys

SoloKeys provides the first open-source FIDO2 security key: Protect your online accounts against unauthorized access by using the most secure login method.

Cybolt

Cybolt

Cybolt helps companies, organizations, and governments manage digital risks and live in an environment of confidence and certainty.

LocateRisk

LocateRisk

LocateRisk provides more efficiency, transparency and comparability in IT security with automated, KPI-based IT risk analyses.

Progress Partners

Progress Partners

Progress Partners is a corporate advisory firm that works with buyers and sellers of emerging growth companies to complete M&A or private placement transactions. Our sectors include cybersecurity.

NorthRow

NorthRow

NorthRow provides digital transformation compliance solutions to help businesses manage regulatory and financial crime risks.

Intelequia

Intelequia

Intelequia SOC is the Security Operations Center your company needs. 24x7 monitoring, protection and automated response to cyber threats.

Resillion

Resillion

Resillion (formerly Eurofins Digital Testing) is a global leader in quality engineering and cyber security services with operations in Europe, US, UK, India and China.

Ampsight

Ampsight

Ampsight specializes in enabling cloud integration, securing data, and navigating complications that drive critical-mission success.