Chinese Hackers Go After Gambling Websites

A Chinese APT group dubbed “DRBControl” has been targeting online gambling and betting platforms in Europe, the Middle East and Southeast Asia since May 2019, and it remains active against gambling and other online betting sites in Southeast Asia.

DRBControl was once said to be attacking on behalf of China, but it now appears to be hacking in its own interest. It has been found stealing source code and databases from victims rather than money.

According to two reports published by Talent-Jump and Trend Micro, attacks have been confirmed at gambling companies in Southeast Asia, and further intrusions have been identified at companies in Europe and the Middle East. Both firms say the attackers appear to have stolen company databases and source code, but not money, suggesting the attacks were espionage-focused rather than motivated by cybercrime.

Interestingly, the group was using two previously unknown backdoors, a collection of known but upgraded malware strains, and a rich set of post-exploitation tools.

Their skills are above average and they have deployed an impressive arsenal of tools to run their attacks.

Trend Micro said the group's malware and operational tactics overlap with similar tools and tactics used by Winnti and Emissary Panda, two hacking groups that have conducted attacks over the past decade in the interests of the Chinese government.

It is unclear whether DRBControl is carrying out these attacks on behalf of the Chinese Government, but this is not thought to be the case.

In August 2019, FireEye reported that some Chinese state-sponsored hacking groups are now carrying out cyber-attacks on the side, in their free time, for their own gains and interests, separate from their normal state-sponsored operations.

The recent attacks are neither complex nor unique in the tactics used to infect victims and steal their data. Attacks start with a spear-phishing email, sent to selected targets, that delivers a malicious link or document; employees who fall for the email and open what they received are infected with backdoor Trojans.

These backdoor Trojans differ from most others in that they rely heavily on the Dropbox file-hosting and file-sharing service, which they use both as a command-and-control (C&C) channel and as storage for second-stage payloads and stolen data, hence the group's name, DRopBox Control.

Typically, the hackers use the backdoors to download further hacking tools and malware, which they use to move laterally through a company's network until they find the databases and source-code repositories from which they can steal data.

Attacks are ongoing, and the two security firms have published indicators of compromise (IOCs) in their reports that organisations can use to detect suspicious activity and malware. Between July and September 2019 DRBControl infected hundreds of computers: around 200 were tracked through one Dropbox account and another 80 through a second.
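Because Dropbox is a legitimate service, the hostname alone is not an indicator; what gives a Dropbox-based backdoor away is the shape of the traffic. The script below is an added illustration of the kind of hunt the Dropbox-C&C description and the published IOCs support; it is not code from either report. It flags internal hosts whose requests to the public Dropbox API hostnames beacon at a fixed interval, carry a user-agent outside an allow-list, or upload a large volume to the content endpoint. The proxy log format, the sample log lines, the user-agent allow-list and every threshold are constructed assumptions and must be tuned against your own baseline.

```python
"""Hunt proxy logs for Dropbox API traffic that behaves like a backdoor rather than a user.

Added example. The log format, sample lines, allow-list and thresholds are assumptions,
not indicators published by Talent-Jump or Trend Micro.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Public Dropbox API v2 hostnames: a backdoor that uses Dropbox for C&C and storage must talk to these.
DROPBOX_API_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com"}

# Assumption: user-agent prefixes your sanctioned Dropbox client actually sends (build this from your baseline).
ALLOWED_UA_PREFIXES = ("DropboxDesktopClient/",)

# Constructed proxy log format: <iso-timestamp> <src-ip> <method> <host> <bytes-out> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<host>\S+) (?P<bytes_out>\d+) "(?P<ua>[^"]*)"$'
)

# Constructed sample: 10.1.2.3 polls every 60 s with an odd UA and then uploads 4 MB;
# 10.1.2.50 is a real user syncing files at irregular times with the sanctioned client.
SAMPLE_LOG = """\
2019-08-14T09:00:00Z 10.1.2.3 POST api.dropboxapi.com 812 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"
2019-08-14T09:00:05Z 10.1.2.50 POST api.dropboxapi.com 640 "DropboxDesktopClient/84.4.170 (Windows; 10; x64)"
2019-08-14T09:00:07Z 10.1.2.50 POST content.dropboxapi.com 20480 "DropboxDesktopClient/84.4.170 (Windows; 10; x64)"
2019-08-14T09:01:00Z 10.1.2.3 POST api.dropboxapi.com 812 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"
2019-08-14T09:02:00Z 10.1.2.3 POST api.dropboxapi.com 812 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"
2019-08-14T09:02:30Z 10.1.2.9 GET www.example.com 0 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
2019-08-14T09:03:00Z 10.1.2.3 POST api.dropboxapi.com 812 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"
2019-08-14T09:04:00Z 10.1.2.3 POST api.dropboxapi.com 812 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"
2019-08-14T09:05:00Z 10.1.2.3 POST api.dropboxapi.com 812 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"
2019-08-14T09:06:00Z 10.1.2.3 POST content.dropboxapi.com 4200000 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"
2019-08-14T09:13:40Z 10.1.2.50 POST api.dropboxapi.com 640 "DropboxDesktopClient/84.4.170 (Windows; 10; x64)"
2019-08-14T09:14:02Z 10.1.2.50 POST content.dropboxapi.com 51200 "DropboxDesktopClient/84.4.170 (Windows; 10; x64)"
2019-08-14T09:47:10Z 10.1.2.50 POST api.dropboxapi.com 640 "DropboxDesktopClient/84.4.170 (Windows; 10; x64)"
"""


def parse_log(text):
    """Parse lines in the assumed format into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        rec["bytes_out"] = int(rec["bytes_out"])
        records.append(rec)
    return records


def analyze(records, min_beacons=5, max_cv=0.2, min_upload=1_000_000):
    """Return {src_ip: [reasons]} for hosts whose Dropbox API traffic looks like C&C."""
    by_src = defaultdict(list)
    for r in records:
        if r["host"] in DROPBOX_API_HOSTS:
            by_src[r["src"]].append(r)

    findings = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        times = [r["ts"] for r in recs]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]

        # Beaconing: enough requests, and the inter-request gaps barely vary (low coefficient of variation).
        mean_gap, beaconing = 0.0, False
        if len(recs) >= min_beacons and gaps:
            mean_gap = statistics.mean(gaps)
            beaconing = mean_gap > 0 and statistics.pstdev(gaps) / mean_gap <= max_cv

        bad_ua = sorted({r["ua"] for r in recs if not r["ua"].startswith(ALLOWED_UA_PREFIXES)})
        upload = sum(r["bytes_out"] for r in recs if r["host"] == "content.dropboxapi.com")

        reasons = []
        if beaconing:
            reasons.append(f"regular beacon every ~{mean_gap:.0f}s over {len(recs)} requests")
        if bad_ua:
            reasons.append("unexpected user-agent: " + "; ".join(bad_ua))
        if upload >= min_upload:
            reasons.append(f"{upload} bytes uploaded to content.dropboxapi.com")
        if reasons:
            findings[src] = reasons
    return findings


if __name__ == "__main__":
    for src, reasons in analyze(parse_log(SAMPLE_LOG)).items():
        print(src)
        for reason in reasons:
            print("  -", reason)
```

Run against the sample, only 10.1.2.3 is reported, on all three counts; the real user on 10.1.2.50 is left alone despite using the same hostnames. In practice the beacon and volume thresholds need a baseline from your own proxy data, and a hit should be followed up by the file hashes and other IOCs in the two reports rather than treated as proof on its own.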

The group's toolset can steal information from the clipboard, create network tunnels, scan for NetBIOS servers, dump passwords and even run brute-force attacks.

These are not the first attacks on online betting and gambling businesses. In 2018 the cyber-security firm ESET reported that North Korean hackers had attacked casinos in Central America, where they are believed to have attempted to steal funds.

Sources: Operation Blockbuster, WeLiveSecurity, Talent Jump, Trend Micro, ZDNet, TechNadu, TechDator
