New hacker group uses old attack methods to breach Asian gambling companies

Jason Macuray
Researchers have uncovered a previously unknown hacker group that uses simple and dated attack methods to target governments and businesses in the Asia-Pacific region.


Called GambleForce, the group has been active since September and has mainly targeted the gambling industry, according to the report by Singapore-based cybersecurity firm Group-IB.

GambleForce broadened its focus in recent months to include government, retail, and travel websites. As of now, it has 20 known victims in its portfolio, primarily located in Australia, China, Indonesia, the Philippines, India, South Korea, Thailand, and Brazil.

The attackers use a set of publicly available open-source tools designed for penetration-testing. They haven’t employed any unique modifications and keep almost all default settings on the tools.

They primarily infect their victims using SQL injections — a type of cyberattack where an attacker manipulates a web application’s database queries by injecting malicious SQL code. Researchers say this is one of the oldest attack methods, yet many companies are still susceptible to it.

“SQL attacks persist because they are simple by nature,” the researchers said. “Companies remain susceptible to such attacks because they fail to address fundamental flaws.”
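The fundamental flaw in question, as an added example that is not from the article or the Group-IB report: a query built by string concatenation beside its parameterized form, using Python's sqlite3. The table, the account rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory users table filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, pw_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "hash-a"), ("bob", "hash-b"), ("carol", "hash-c")])
    return db

def lookup_concatenated(db, login):
    # Flawed: the input is spliced into the SQL text, so a quote character
    # in it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT login, pw_hash FROM users WHERE login = '" + login + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, login):
    # Fixed: the SQL text is constant and the driver binds the input as a
    # value, so it can only ever be compared against the login column.
    sql = "SELECT login, pw_hash FROM users WHERE login = ?"
    return db.execute(sql, (login,)).fetchall()

def compare(login):
    """Run both lookups on one input; return (concatenated, parameterized)."""
    db = make_db()
    try:
        flawed = sorted(lookup_concatenated(db, login))
    except sqlite3.Error as exc:
        # A malformed statement surfaces as a database error.
        flawed = type(exc).__name__
    return flawed, sorted(lookup_parameterized(db, login))

if __name__ == "__main__":
    for value in ["alice", "x' OR '1'='1", "o'brien"]:
        print(repr(value), "->", compare(value))
```

With the concatenated query, the second input returns every login and password hash in the table and the third breaks the statement; the parameterized query returns no rows for either.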

The goal of GambleForce’s attacks is unclear. In some instances, the attackers stopped after performing reconnaissance, while in other cases, they successfully extracted user databases containing logins and hashed passwords, along with lists of tables from accessible databases, according to the researchers.

“The threat actor attempts to exfiltrate any available piece of information within targeted databases,” the report said. “What the group does with the stolen data remains unknown so far.”

After discovering GambleForce’s malicious activity, the researchers took down its command and control server. However, they believe that the hackers will most likely regroup and rebuild their infrastructure to launch new attacks.

Group-IB didn’t attribute this group to a specific country but said that they found commands written in Chinese. This fact alone is not, however, enough to determine the group’s origin, researchers said.


Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
