Asian-facing online gambling operators are being targeted by a group of suspected Chinese hackers whose aims appear to go beyond merely stealing money.
A new report from TrendMicro turns a spotlight on a shadowy group that’s been dubbed DRBControl (short for Dropbox Control), an “advanced persistent threat actor” engaged in a “cyberespionage campaign targeting gambling operations” in Southeast Asia.
TrendMicro’s investigation began in mid-2019 after TrendMicro was contacted by a firm performing an incident response operation on a Philippines-based company. The company’s support team was targeted via a spear-phishing email that asked recipients to open a .DOCX file to view a screenshot that supposedly displayed some error the customer was having.
When a support team member opened this file, the document dropped an embedded executable that installed malware, including two previously undisclosed backdoors. Later versions of this malware included a backdoor that used the Dropbox file hosting service as its command-and-control channel.
Once compromised, a user’s computer would be pillaged for passwords, databases, source code and other proprietary technical information, while other malware was installed for future operations. TrendMicro said the targeted data suggested that “the campaign is used for cyberespionage or gaining competitive intelligence.”
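The two behaviours described above, an Office document launching an executable and a backdoor talking to Dropbox, are both visible in ordinary endpoint telemetry. The following is an added detection sketch, not code from the Trend Micro report; the event schema, file paths and sample records are constructed for illustration.

```python
# Added example (not from the Trend Micro report): flag two behaviours the article
# describes -- an Office document launching an executable, and a non-browser process
# talking to Dropbox (a possible command-and-control channel). The event format and
# sample records below are constructed, not a real product's schema.
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Processes for which Dropbox traffic is expected (hypothetical allow-list).
EXPECTED_DROPBOX_CLIENTS = {"chrome.exe", "firefox.exe", "msedge.exe", "dropbox.exe"}
DROPBOX_HOST = re.compile(r"(^|\.)dropbox(api)?\.com$", re.IGNORECASE)

def office_spawned_executable(ev):
    """Process-creation event: parent is an Office app, child is a .exe outside the Office install."""
    parent = ev.get("parent_image", "").lower().rsplit("\\", 1)[-1]
    child = ev.get("image", "").lower()
    return parent in OFFICE_PARENTS and child.endswith(".exe") and "\\microsoft office\\" not in child

def unexpected_dropbox_client(ev):
    """Network event: connection to a Dropbox host from a process not on the allow-list."""
    proc = ev.get("image", "").lower().rsplit("\\", 1)[-1]
    host = ev.get("dest_host", "")
    return bool(DROPBOX_HOST.search(host)) and proc not in EXPECTED_DROPBOX_CLIENTS

def triage(events):
    """Return (event_id, reason) pairs for events matching either indicator."""
    hits = []
    for ev in events:
        if ev["type"] == "process" and office_spawned_executable(ev):
            hits.append((ev["id"], "office-app spawned executable"))
        elif ev["type"] == "network" and unexpected_dropbox_client(ev):
            hits.append((ev["id"], "non-browser process contacted Dropbox"))
    return hits

# Constructed sample telemetry (hypothetical paths and ids).
SAMPLE_EVENTS = [
    {"id": 1, "type": "process", "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Users\support\AppData\Local\Temp\screenshot_viewer.exe"},
    {"id": 2, "type": "process", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"id": 3, "type": "network", "image": r"C:\Users\support\AppData\Local\Temp\screenshot_viewer.exe",
     "dest_host": "api.dropboxapi.com", "dest_port": 443},
    {"id": 4, "type": "network", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_host": "www.dropbox.com", "dest_port": 443},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

Neither rule is proof of compromise on its own; the value is in correlating both from the same host and process, as in events 1 and 3 above.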
The gambling sites targeted to date were all based in Southeast Asia. TrendMicro said it had been “made aware that Europe and the Middle East regions are also being targeted,” but the company was unable to confirm these reports.
TrendMicro’s research suggested links to a Chinese-led group of hackers known as Winnti, which has been targeting gambling sites for a decade or more. Kaspersky Lab researchers found evidence of Winnti operations targeting video game operators since 2009 in order to steal in-game virtual currencies that were later sold for real cash.
The online gambling industry is no stranger to digital rogue actors, including state-sponsored efforts by North Korea’s regime, which reportedly relies on a network of online gambling sites based in other jurisdictions to generate badly needed hard currency. North Korean hackers have also been blamed for cryptocurrency thefts and the infamous (if only partially successful) attempt to steal $1b from the government of Bangladesh.