Avast Reports Cyber Attack on Gambling Companies in Southeast Asia
5 minutes
Last Updated: May 8, 2022
Avast Reports Cyber Attack on Gambling Companies in Southeast Asia
There is a prolonged cyber-attack going on, targeting gambling companies in Southeast Asia. Online casinos in Taiwan, the Philippines, and Hong Kong are particularly targeted by Chinese-speaking hackers, security firm Avast said.
A cybersecurity company Avast recently discovered an Advanced Persistent Threat (APT), a long-standing cyber-attack.
The company has named the attack Operation Dragon Castling. Gambling companies from Taiwan, Hong Kong, and the Philippines were targeted during this cyber-attack.
Avast does not know who the exact persons are behind the attack, but they did determine that it is a Chinese APT.
Similar Code Used Before – The MulCom Backdoor
Avast reports on the website that the code in the attack has similarities with modules used by this APT group, the MulCom backdoor.
The attack technique used is anything but new, because the BlackBerry Cylance Threat Research Team previously wrote about this code in their report from 2017.
A 2015 report from Palo Alto Networks already discusses this method.
Avast confirmed in an email to Casino.org that it had identified the gaming industry as a target via an email received by an anonymous gaming company.
In the email, the attacker requested that the company “check for a bug in their software,” which served as the basis for Avast’s conclusion.
The company also indicates that multiple companies in the gaming industry have been targeted. However, due to company policy, they do not disclose the names of the companies.
Cyber Attacks on Gambling Companies not Unique to Southeast Asia
Cyber-attacks on online casinos are not unique to Southeast Asia. Gambling sites operating in Europe and America are also frequently the target of attacks.
In many cases, it involves digital extortion where online casinos have to pay a ransom to stop being attacked.
The attacks take place in different ways. A DDOS attack is a common attack technique in which a server receives so much traffic that it collapses.
If a company is really hacked, files can be encrypted so that a website can no longer function. In either case, the target is eventually blackmailed; it has to pay a ransom to be able to operate again.
It is not known whether this attack concerns extortion or whether the information is sought about companies or their players.
Avast is not making any further statements about the cyber-attack on the gambling companies, it is more about the specific vulnerabilities and the codes that exploit them.