Chinese ‘cybercrime syndicate’ behind gambling sites advertised at European sporting events

Avatar

A constellation of illegal online gambling brands whose advertisements adorn football stadiums throughout Europe is all linked to one group providing the backbone of the industry, researchers have found.

A new report from cloud network security company Infoblox exposes an alleged Chinese cybercrime syndicate that it dubs Vigorish Viper — a name referring to the fee charged by a bookie — that is helping fuel an illegal global gambling economy worth approximately $1.7 trillion annually and is allegedly linked to cyber fraud-related human trafficking in Southeast Asia.

The syndicate provides a technology suite for mobile betting applications including software, website hosting, domain name system configurations, payment systems and mobile apps. The researchers said the technology was developed by the company known as Yabo Group, which according to the investigative football outlet Josimar struck sponsorship deals with some of Europe’s biggest football clubs — including Manchester United, Paris Saint-Germain, Bayern Munich, and AS Monaco. 

After those deals were inked, Chinese authorities went after the company as part of a years-long crackdown on offshore gambling because of concerns about capital outflow. They accused it of “overseas manipulation and domestic infiltration,” having allegedly recruited 80,000 “domestic agents” and attracted nearly six million gamblers. Thousands were arrested and Yabo Group appeared to be no more. 

In fact, the researchers found, the company spawned an assortment of offshoots “laundered into a series of new entities, including Kaiyun Sports, KM Gaming, Ponymuah, and SKG.” 

“While at face value these new companies appear independent, evidence shows they are not,” the authors wrote. “Together the newly established companies make up a supply chain for Vigorish Viper to continue operations unabated and under less scrutiny.”

By analyzing DNS data, the researchers were able to piece together the links between the many brands. The domain for one of them, KB Sports, was registered under the name “yabo” in 2020, they found.

KB Sports signed a three-year sponsorship deal that year with the French football club FC Girondins, allowing it to advertise pitchside. According to Infoblox, the gambling operator’s website isn’t available in Europe, but it is accessible in Hong Kong, Macau and mainland China, where gambling is a massive industry despite being illegal.

The researchers also found that customer support on Vigorish Viper’s websites appears to be provided actual staff — in a report by the Asian Racing Federation Council, Yabo Group was linked to human trafficking, specifically involving forced labor in a cyber fraud compound in Cambodia where people were allegedly tasked with supporting the company’s betting operations. 

Within that facility, trafficked workers were also forced to carry out pig butchering scams, in which fraudsters develop a relationship with victims before tricking them into making fraudulent investments. 

A recent report by the United Nations Office on Drugs and Crime detailed how online casinos had “diversified their business lines into cyberfraud operations.” 

“This work is particularly important because it connects the physical crimes of human trafficking, money laundering, and fraud, to online crime in a way that hasn’t been done before,” Renée Burton, vice president of Infoblox threat intelligence, said in a release. “We can now see that organized crime is executing a cunning strategy that uses unwitting European clubs to fuel their criminal cycle.”

CybercrimeIndustryNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

James Reddick

has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.

 

Total
0
Shares
Previous Post

Los Angeles County court system slated to reopen Tuesday after ransomware attack

Next Post

Russia dismisses US sanctions against members of ‘Cyber Army’ hacktivist group

Related Posts

GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code

Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts (e.g., goog1e.com vs. google.com). Adversaries targeting open-source repositories across
Avatar
Read More