- Chinese Cyber Espionage Hits Southeast Asia’s Gambling Sector - September 10, 2023
SentinelOne, a notable cybersecurity entity, recently uncovered a mammoth cyber onslaught targeting Southeast Asia’s flourishing gambling industry. The perpetrators are suspected to be the Chinese hacker consortium Bronze Starlight. The intricacies of their tools match the modus operandi of their previous ventures, hinting at the possibility of cyber espionage. Through these attacks, the hackers seemingly keep a watchful eye on corporate internal operations while clandestinely amassing data.
The stringent clampdown on casinos in Macau redirected businesses and avid gamblers towards Southeast Asia. This burgeoning shift, however, may have unintentionally flashed a beacon for cybercriminals. With a surge in online transactions and data sharing, the gambling industry is ripe for cyber exploitation. To exacerbate matters, many migrating businesses haven’t prioritized the requisite security infrastructure.
Upon diving deeper, SentinelOne researchers discovered a fascinating trail. The cybercriminals cleverly employed products from Ivacy, a renowned VPN service provider. In a stunning breach, the hackers even procured the digital signing key of Ivacy’s partner, PMG PTE LTD. Once this compromise was identified, the affected certificate was hastily revoked.
In a twist, legitimate software such as Adobe Creative Cloud, Microsoft Edge, and McAfee VirusScan was manipulated to serve as a trojan horse, disguising malware that, curiously, deactivated itself when it found itself operating within certain regions, such as the US, Russia, and parts of Europe.
Another revealing clue was the use of HUI Loader, a digital tool frequently associated with Chinese hacking groups, notably APT10, a group rooted in Tianjin, China, and believed to be in cahoots with the Tianjin State Security Bureau. It is worth noting, though, that other groups such as LockFile, AtomSilo, NightSky, LockBit 2.0, and Pandora have also been known to employ HUI Loader, so the loader alone is not conclusive attribution evidence.
The sophistication and adaptability of these attackers necessitate heightened vigilance. As the Bronze Starlight group continues to refine its stealth techniques, the challenge lies in pinpointing the true origin of these cyber threats.