Experts detected strange attacks primarily targeted at Southeast Asian gambling companies
The hacking group focuses on cyber espionage
DRBControl may be linked to Chinese hacking groups
After numerous reports on online gambling news in China out cyberattacks on Asian gambling firms, Trend Micro, the cybersecurity company, conducted research on the subject. They discovered that the advanced persistent threat group used infecting documents to carry out cyber espionage. According to research, cybercriminals may be linked to Chinese hacking groups like Emissary Panda and Winnti. Trend Micro named a new hacking group ''DRBControl ''.
Cyberattacks on Asian gambling firms
Trend Micro discovered that the DRBControl carried out its first cyber attack with the 1.0 version of malware in late May 2019. DRBControl mainly targeted at source codes and databases of specific companies, mainly from South East Asia, Middle East, and Europe. Such selective attacks suggest that the hacking group was focused on cyber-espionage.
Spear-phishing
Customer support of gambling companies receive thousands of requests daily. Some of the emails don’t contain any files, while the others have attachments like screenshots or images. DRBControl sent emails with malicious documents and asked customer support representatives to open the file. When a person double-clicked on the launcher inside the document, it automatically started to download malware. Hacker in hatAlthough asking to open a screenshot within a .DOCX file is not a typical request, some customer service agents opened it anyway. Experts also found three identical .DOCX files that contained different versions of malware. After a person downloaded malicious software, it created a backdoor that helped hackers to gain personal data, take screenshots, and install keyloggers.
Is DRBControl a Chinese-linked group?
Researchers also suggest that DRBControl may be related to hacking groups like Emissary Panda (APT27) and Winnti. The assumption roots from the similarity of tools, methods and target areas of these groups. For instance, Emissary Panda also used HyperBro backdoor in their attacks. Moreover, DRBControl uses the same domain names as Winnti. Besides, both of these hacking groups are of Chinese origin. And although there is no direct evidence, experts suggest that DRBControl may have ties to China. As in the case with the Russian group hacking the slot machine, and multiple lottery hacks, the human element is always the weakest spot of online gambling sites in China. If you want to know more about best betting hacks, check out this article.
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
