• June 13, 2024

Southeast Asian Gambling Operations Allegedly Targeted by Chinese Hacker Groups

A serious threat to the Southeast Asia gambling market is coming from the neighborhood. SentinelOne, a renowned cybersecurity company based in the U.S., reported that various malware and hacking operations conducted by hackers from China are targeting this Asian region. 

SentinelOne’s report:

Senior threat analysts at the US-based company, Tom Hegel and Aleksandr Milenkoski, conducted detailed research and revealed it to the world to hear. The company they’re working for is one of the best open venues for various threats all around the world since they’re a reliable source that rapidly became famous for its findings.

The company released a report about this news, saying: “The company SentinelLabs has identified suspected Chinese malware and infrastructure potentially involved in China-associated operations directed at the gambling sector within Southeast Asia.”

The report also reveals the reasons behind this operation. After a huge crackdown that occurred on Chinese gambling operations in Macau, Southeast Asia became the main focus when it came to the expansion of the country’s gambling operations on the continent. The region became a fruitful land when it came to collecting data related to various monitoring and countering operations that occur in the Chinese market.

SentinelOne even has a lead to the hacker group that might be behind all of this. According to the source, the tactics, techniques, and procedures noticed during the operation are pointing to a Bronze Starlight, a famous hacker group that is already known in the industry for its ransomware posted as a cover that hides various espionage motives that were the first motive behind the attack.

Hegel and Milenkoski provided a detailed analysis. The team said: “This is a suspected Chinese ‘ransomware’ group whose main goal appears to be espionage rather than financial gain, using ransomware as means for distraction or misattribution.”

Huge operation running:

However, all of this seems to be a part of a bigger operation called Operation ChattyGoblin. The operation included various attacks conducted by China-nexus actors, and the main target was gambling companies based in Southeast Asia. They were hacked with trojanized Comm100 and LiveHelp100 chat apps. 

Many important companies’ assets were compromised in the attack, including Adobe Creative Cloud, Microsoft Edge, as well as the protectors McAfee VirusScan executables that were prone to DLL hijacking.

Another suspicion:

This is not the first time huge companies specializing in global threat analysis have been interested in Asian markets. Recorded Future’s threat research department, Insikt Group had some suspicions recently. Recorded Future is a company with significant experience in the global threat analysis industry, and its Insikt Group’s primary focus is on cyber attacks conducted by Chinese and North Korean hackers. They already implied that one of the cyber-espionage organizations that is supposedly operated by China, RedHotel, is targeting various online gambling operations across Southeast Asian countries.

Southeast Asian Gambling Operations Allegedly Targeted by Chinese Hacker Groups