Cyberattacks on Asian Gambling Firms: The Case of Espionage?
Posted: March 13, 2020
Updated: March 13, 2020
Experts detected strange attacks primarily targeted at Southeast Asian gambling companies
The hacking group focuses on cyber espionage
DRBControl may be linked to Chinese hacking groups
After numerous reports in Chinese online gambling news about cyberattacks on Asian gambling firms, the cybersecurity company Trend Micro researched the subject. It found that an advanced persistent threat group used infected documents to carry out cyber espionage. According to the research, the attackers may be linked to Chinese hacking groups such as Emissary Panda and Winnti. Trend Micro named the new hacking group "DRBControl".
Cyberattacks on Asian gambling firms
Trend Micro discovered that DRBControl carried out its first cyberattack with version 1.0 of its malware in late May 2019. DRBControl mainly targeted the source code and databases of specific companies, mostly in Southeast Asia, the Middle East, and Europe. Such selective attacks suggest that the hacking group was focused on cyber espionage.
Customer support teams at gambling companies receive thousands of requests daily. Some emails contain no files, while others carry attachments such as screenshots or images. DRBControl sent emails with malicious documents and asked customer support representatives to open the file. When a person double-clicked the launcher embedded in the document, it automatically downloaded malware.
Although a request to open a screenshot delivered inside a .DOCX file is not typical, some customer service agents opened it anyway. Experts also found three identical .DOCX files that contained different versions of the malware. Once the malware was downloaded, it installed a backdoor that let the attackers harvest personal data, take screenshots, and install keyloggers.
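The lure described above relies on a .DOCX file carrying an embedded, double-clickable object rather than a plain screenshot. A genuine screenshot lives under word/media/ inside the OOXML zip, while an embedded launcher is stored as an OLE package under word/embeddings/, so an attachment gateway can flag the difference before the document reaches a support agent. The following Python script is an added defensive example, not Trend Micro's code or any artifact from the campaign: it constructs two minimal .docx files in memory (one with only an image, one with a placeholder embedded package) and reports which one carries an embedding.

```python
import io
import posixpath
import zipfile

# Suspicious file extensions for loose entries inside the archive (defender-side heuristic).
LAUNCHER_EXTS = (".exe", ".scr", ".js", ".vbs", ".lnk")


def build_sample_docx(with_embedding: bool) -> bytes:
    """Constructed sample: a minimal OOXML zip standing in for a support-ticket attachment.

    The embedded payload is a labelled placeholder string, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document>see attached screenshot</w:document>")
        zf.writestr("word/media/image1.png", b"\x89PNG placeholder image bytes")
        if with_embedding:
            # Word stores OLE packages (how a double-clickable launcher travels) here.
            zf.writestr("word/embeddings/oleObject1.bin", b"PLACEHOLDER-OLE-PACKAGE")
            zf.writestr("word/_rels/document.xml.rels",
                        '<Relationship Type="oleObject" Target="embeddings/oleObject1.bin"/>')
    return buf.getvalue()


def find_embedded_objects(docx_bytes: bytes) -> list:
    """Return archive paths of embedded objects in a .docx.

    A screenshot only needs word/media/, so any entry under word/embeddings/
    (or a loose executable-looking entry) is worth quarantining for review."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            parts = posixpath.normpath(name).split("/")
            if parts[:2] == ["word", "embeddings"]:
                found.append(name)
            elif parts[-1].lower().endswith(LAUNCHER_EXTS):
                found.append(name)
    return found


if __name__ == "__main__":
    for label, flag in (("plain screenshot", False), ("with launcher", True)):
        hits = find_embedded_objects(build_sample_docx(flag))
        print(f"{label}: {'FLAG ' + ', '.join(hits) if hits else 'clean'}")
```

The check inspects the zip container only and does not parse or execute the embedded object, so it is safe to run on untrusted attachments at a mail gateway.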
Is DRBControl a Chinese-linked group?
Researchers also suggest that DRBControl may be related to hacking groups such as Emissary Panda (APT27) and Winnti. The assumption rests on the similarity of tools, methods, and target areas among these groups. For instance, Emissary Panda has also used the HyperBro backdoor in its attacks, and DRBControl uses the same domain names as Winnti. Both of those groups are of Chinese origin, and although there is no direct evidence, experts suggest that DRBControl may have ties to China.