Chinese-Linked Hackers Targeting Gambling Companies

  • Hackers are thought to have links with APT 27, Winnti, and Emissary Panda
  • Spearphising emails are infected with backdoor trojans
  • Criminals are stealing data and code from gambling companies rather than money
Rebecca Campbell

hackers hack into corporate servers
A Chinese-linked hacking group called DRBControl is believed to be targeting gambling companies based in Southeast Asia. [Image: Shutterstock.com]

DRBControl attacks

According to IT security company Trend Micro, hackers with Chinese links are using backdoor trojans to run espionage-focused attacks on gambling companies in Southeast Asia. Unconfirmed hacks are reported to have also come from Europe and the Middle East, reports ZDNet.

the group has infected and kept track of around 200 computers through a Dropbox account

Talent-Jump Technologies first unearthed the activity last year and contacted Trend Micro while conducting an incident report for a firm based in the Philippines. According to the two security companies, the hacks are being carried out by a group they have called DRBControl.

Between July and September 2019, Talent-Jump states that the group has infected and kept track of around 200 computers through a Dropbox account and another 80 in a second account.

Links to Chinese hacking groups

Based on its techniques, the researchers point out that it could have connections with Chinese-linked APT 27. This group is known for targeting aerospace, government, defense, technology, and energy industries.

It did note, though, that the connection with APT 27 was “very loose.”

However, rather than stealing money from the gambling companies, it appears that those involved are taking code and data, suggesting that the hacks are espionage-focused.

The researchers said: “The exfiltrated data was mostly comprised of databases and source codes, which leads us to believe that the campaign is used for cyberespionage or gaining competitive intelligence.”

Trend Micro data also suggests that DRBControl could have ties to Winnti and Emissary Panda, two hacking groups that have undertaken hacks in the past 10 years aimed at the gambling industry.

Yet, regarding Winnti, it seems that there are three different overlaps. For example, DRBControl domain names are linked with ones previously used by Winnti, whereas in other examples, commands issued on DRBControl-compromised machines appear to have links with Winnti.

Tactics used

According to reports, hackers are using “straightforward and efficient” methods involving spearphishing email links.

Upon opening the Microsoft Word documents attached in the emails, which are embedded with an executable file or a .bat file, computers are infected with backdoor trojans.

hackers are using “straightforward and efficient” methods involving spearphishing email links

In one instance, DRBControl is thought to have contacted a company suggesting that the customer support team needed to address an error.

Another method Trend Micro identified uses PowerShell, an administration tool, to download the malware.

This isn’t the first instance of hacking groups targeting gambling companies. In 2018, it was reported that hackers in North Korea, known as the Lazarus Group, had targeted at least one online casino in Central America.

Leave a Reply

Your email address will not be published. Required fields are marked *

Other Related News

We use cookies on this site to enhance your user experience.
By clicking any link on this page, you are giving consent to our use of cookies.

Cookie Overview

VegasSlotsOnline uses cookies to enhance your experience as you navigate through the website. Some of these cookies are categorized as essential because they are essential for the working of the basic functionalities of the website. Essential cookies are stored on your browser. We also use third-party cookies that help us analyze and understand how you use this website. These are non-essential cookies and are stored on your browser only with your consent. You have the option to opt-out of non-essential cookies, but this may affect your browsing experience.

Necessary  (Always Enabled)

Essential cookies are absolutely essential for the website to function properly. This category only includes cookies that ensure the basic functionalities and security features of the website. These cookies do not store any personal information.

Non-Essential ( Enabled Disabled )

Any cookies that may not be particularly necessary for the website to function and are used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-essential cookies. It is mandatory to procure user consent prior to running these cookies on your website.