Chinese Hackers Go After Gambling Websites

A new Chinese APT group dubbed “DRBControl” has been involved in the targeting of online gambling and betting platforms based in Europe, the Middle East, and Southeast Asia, since May 2019. This infamous hacker group is actively attacking gambling and other online betting sites in South East Asia.

DRBControl was once said to be attacking behalf of China, but now is hacking on its own interest. It’s found to be stealing source codes and database from victims rather than money. .

According to two reports published by Talent-Jump and Trend Micro, hack-attacks have been officially confirmed at gambling companies located in Southeast Asia, and also additional hacks have been identifies as coming from Europe and the Middle East. Talent-Jump and Trend Micro say hackers appear to have stolen company databases and source code, but not money, suggesting the attacks were espionage-focused, rather than cybercrime motivated.

Interestingly, the group was using two unknown backdoors, a collection of known but upgraded malware strains, and a rich set of post-exploitation tools.

Their skills are above average and they have deployed an impressive arsenal of tools to run their attacks.

Trend Micro said the group's malware and operational tactics overlap with similar tools and tactics used by Winnti and Emissary Panda, two hacking groups that have conducted attacks over the past decade in the interests of the Chinese government.

It is unclear if DRBControl is carrying out attacks on behalf of the Chinese Governmnet, but this is not thought to the case.

In August 2019, FireEye reported that some Chinese state-sponsored hacking groups are now carrying out cyber-attacks on the side, in their free time, for their own gains and interests, separate from their normal state-sponsored operations.

The recent attacks are neither complex or unique in regards to the tactics being used to infect victims and steal their data. Attacks start with a spear-phishing link sent to targets. Employees who fall for the emails and open the documents they received are infected with backdoor Trojans.

These backdoor Trojans are somewhat different from other backdoors because they heavily rely on the Dropbox file hosting and file sharing service, which they use as a command-and-control (C&C) service and as a storage medium for second-stage payloads and stolen data, hence the group's name of DRopBox Control. 

Typically, the Chinese hackers will use the backdoors to download other hacking tools and malware that they'll use to move laterally through a company's network until they find databases and source code repositories from where they can steal data. The hackers have infected and kept track of around 200 computers through one Dropbox account, and another 80 through a second.

Attacks are ongoing, and the two security firms have published indicators of compromise (IOCs) in their reports that organisations can use to detect suspicious activity and malware. Between July and September 2019, DRBControl has infected hundreds of computers. It’s said to be hacked over 200 computers by using one Dropbox account and another 80 computers in another account.

The group is capable of stealing info from the clipboard, creating network traffic tunnels, scan NETBIOS servers, dump passwords and even carry a brute force attack.

These are not the first attacks on online betting and gambling sites. In 2018, cyber-security ESET reported that N. Korea hackers had attacked casinos in Central America from where they're believed to have attempted to steal funds.

Operation Blockbuster:    WeLiveSecurity:     Talent Jump:     Trend Micro:    ZDNet:     TechNadu:     TechDator

You Might Also Read:

China’s Dirty Secret - Intellectual Property Theft


 

« Japan Approves Home Grown 5G
Iranian Hackers Attack Corporate IT Networks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

CTR Secure Services

CTR Secure Services

CTR Secure Services provides a broad range of security consulting services from asset protection to cyber security.

HDI Global SE

HDI Global SE

HDI Global SE provides customised insurance solutions for industrial and commercial clients worldwide including Cyber Liability insurance.

ERNW

ERNW

ERNW is an independent IT Security service provider with a focus on consulting and testing in all areas of IT security.

CyberGreen Institute

CyberGreen Institute

The CyberGreen Institute is a global non-profit and collaborative organization conducting activities focused on helping to improve the health of the global Cyber Ecosystem.

ngCERT

ngCERT

ngCERT is the National Computer Emergency Response Team for Nigeria.

Sanderson Recruitment

Sanderson Recruitment

Sanderson is a recruitment company providing expert recruitment services in areas including Cyber & Information Security.

Cybersecurity Manufacturing Innovation Institute (CyManII)

Cybersecurity Manufacturing Innovation Institute (CyManII)

CyManII was established to create economically viable, pervasive, and inconspicuous cybersecurity in American manufacturing to secure the digital supply chain and energy automation.

Ten Eleven Ventures

Ten Eleven Ventures

Ten Eleven is a specialized venture capital firm exclusively dedicated to helping cybersecurity companies thrive.

Microland

Microland

Microland’s delivery of digital is all about making technology do more and intrude less for global enterprises. Our services include Cloud & Data Center, Networks, Cybersecurity and more.

BaXian Group

BaXian Group

BaXian AG is an international consulting company specializing in IT security, data analytics, risk management and compliance.

ELLIO Technology

ELLIO Technology

ELLIO Technology is a cybersecurity company that reduces alert overload, improves incident response, and helps security teams target serious attackers who pose a real threat.

Fairdinkum Consulting

Fairdinkum Consulting

Fairdinkum is a leading full-service IT consulting firm with more than two decades of experience in the industry.

PeoplActive

PeoplActive

PeoplActive is an IT consulting and recruitment services organization with leading capabilities in digital, cloud and security.

Silk Security

Silk Security

Silk is the first platform that enables enterprises to take a strategic, sustainable approach to resolving code, infrastructure and application risk.

FastPassCorp

FastPassCorp

In the world of IT, identity theft is a growing concern. FastPass offers an innovative solution as a cloud or on-premises offering.

Merlin Ventures

Merlin Ventures

Merlin Ventures is a strategic investor focused on driving growth and value for cybersecurity software companies with market-leading potential.