New hacker group uses old attack methods to breach Asian gambling companies

Jason Macuray
Researchers have uncovered a previously unknown hacker group that uses simple and dated attack methods to target governments and businesses in the Asia-Pacific region.

Called GambleForce, the group has been active since September and has mainly targeted the gambling industry, according to the report by Singapore-based cybersecurity firm Group-IB.

GambleForce broadened its focus in recent months to include government, retail, and travel websites. As of now, it has 20 known victims in its portfolio, primarily located in Australia, China, Indonesia, the Philippines, India, South Korea, Thailand, and Brazil.

The attackers use a set of publicly available open-source tools designed for penetration testing. They have not made any unique modifications and keep almost all of the tools' default settings.

They primarily infect their victims using SQL injections — a type of cyberattack where an attacker manipulates a web application’s database queries by injecting malicious SQL code. Researchers say this is one of the oldest attack methods, yet many companies are still susceptible to it.

“SQL attacks persist because they are simple by nature,” the researchers said. “Companies remain susceptible to such attacks because they fail to address fundamental flaws.”
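The fundamental flaw behind SQL injection, shown next to its fix, as an added example that is not taken from the Group-IB report or from any victim's code. The `users` table, its rows and the crafted input are constructed for illustration, and SQLite stands in for whatever database a real site uses.

```python
import sqlite3

def make_db():
    """Build an in-memory user table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, pw_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b"), ("carol", "hash-c")],
    )
    return db

def lookup_concatenated(db, login):
    """Flawed: user input is pasted into the SQL text and parsed as SQL."""
    query = "SELECT login, pw_hash FROM users WHERE login = '" + login + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, login):
    """Fixed: the driver binds the value, so it is only ever compared as data."""
    return db.execute(
        "SELECT login, pw_hash FROM users WHERE login = ?", (login,)
    ).fetchall()

# Constructed input containing a quote that closes the string literal early.
CRAFTED = "nobody' OR '1'='1"

def compare(login):
    """Return (rows from flawed lookup, rows from fixed lookup) for one input."""
    db = make_db()
    try:
        return (
            len(lookup_concatenated(db, login)),
            len(lookup_parameterized(db, login)),
        )
    finally:
        db.close()

if __name__ == "__main__":
    print("normal :", compare("alice"))   # one matching row from each lookup
    print("crafted:", compare(CRAFTED))   # flawed lookup returns the whole table
```

With the crafted input, the concatenated query returns every login and password hash in the table, while the parameterized query returns nothing because no user has that literal name.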

The goal of GambleForce’s attacks is unclear. In some instances, the attackers stopped after performing reconnaissance, while in other cases, they successfully extracted user databases containing logins and hashed passwords, along with lists of tables from accessible databases, according to the researchers.

“The threat actor attempts to exfiltrate any available piece of information within targeted databases,” the report said. “What the group does with the stolen data remains unknown so far.”

After discovering GambleForce’s malicious activity, the researchers took down its command and control server. However, they believe that the hackers will most likely regroup and rebuild their infrastructure to launch new attacks.

Group-IB didn’t attribute this group to a specific country but said that they found commands written in Chinese. This fact alone is not, however, enough to determine the group’s origin, researchers said.


Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

