Chinese Hackers Target Asian Online Gambling Sites to Steal Data
Chinese hackers are aggressively targeting Southeast Asia's gambling industry with a refined cyber-espionage strategy, as reported by SentinelOne. The cyber assailants exploit software vulnerabilities to deploy known malware, with ties suggested to the Bronze Starlight Chinese APT group. SentinelLabs emphasizes the collaborative and multifaceted nature of China's cyber threats.
Connection to Previous Campaigns and Sophisticated Disguises
After China's crackdown on its Macau-based gambling industry, the Southeast Asian gambling scene has soared. Not surprisingly, this growth has drawn the attention of Chinese APT groups, keen to exploit the industry to accumulate private data.
Recent cyber-attacks, while echoing previous campaigns, showcase distinct tactics. They are primarily attributed to the Bronze Starlight group, notorious for espionage. This group intriguingly also employs ransomware, potentially as a diversion or for misattribution. During an earlier investigation, dubbed "Operation ChattyGoblin," the authorities discovered hackers targeting a Philippine gambling company using tainted versions of a support tool, LiveHelp100.
SentinelOne's analysis revealed striking resemblances between the new campaign and the tools used in Operation ChattyGoblin. Notably, a sample submission in March 2023 was linked to the Philippines, hinting at a possible connection.
The malicious activities in the recent campaign are masked to mimic genuine LiveHelp100 functions. Additionally, a significant revelation by researcher Aleksandar Milenkoski highlighted concerns over the misuse of Ivacy VPN products, emphasizing VPNs' critical role in cyber security.
Malware Traits and Chinese Cyber Spies' Tactics
Chinese hackers have a history of pilfering signing keys; PMG PTE LTD remains tight-lipped, even amidst direct inquiries. In response to the security breach, DigiCert swiftly revoked the compromised certificate, bringing the issue to the public's attention.
The discovered malware comes with a unique feature: it halts its own execution when it finds itself running on devices in specific nations, including the US, Germany and France. This functionality sheds light on its intended target regions. Additionally, the widespread use of HUI Loader, malware known to be favored by Chinese cybercriminals, especially APT10 from Tianjin, highlights the campaign's sophistication.
HUI Loader's fingerprints are evident in several ransomware attacks, some of which are linked to the Bronze Starlight group. As Secureworks and Microsoft findings suggest, this underscores the evolving complexity of Chinese cyber espionage and the challenges of accurate attribution based on public intelligence alone.