New hacker group uses old attack methods to breach Asian gambling companies
Researchers have uncovered a previously unknown hacker group that uses simple and dated attack methods to target governments and businesses in the Asia-Pacific region.
Called GambleForce, the group has been active since September and has mainly targeted the gambling industry, according to the report by Singapore-based cybersecurity firm Group-IB.
GambleForce broadened its focus in recent months to include government, retail, and travel websites. As of now, it has 20 known victims in its portfolio, primarily located in Australia, China, Indonesia, the Philippines, India, South Korea, Thailand, and Brazil.
The attackers use a set of publicly available open-source tools designed for penetration-testing. They haven’t employed any unique modifications and keep almost all default settings on the tools.
They primarily infect their victims using SQL injections — a type of cyberattack where an attacker manipulates a web application's database queries by injecting malicious SQL code. Researchers say this is one of the oldest attack methods, yet many companies are still susceptible to it.
“SQL attacks persist because they are simple by nature,” the researchers said. “Companies remain susceptible to such attacks because they fail to address fundamental flaws.”
The goal of GambleForce’s attacks is unclear. In some instances, the attackers stopped after performing reconnaissance, while in other cases, they successfully extracted user databases containing logins and hashed passwords, along with lists of tables from accessible databases, according to the researchers.
“The threat actor attempts to exfiltrate any available piece of information within targeted databases,” the report said. “What the group does with the stolen data remains unknown so far.”
After discovering GambleForce's malicious activity, the researchers took down its command and control server. However, they believe that the hackers will most likely regroup and rebuild their infrastructure to launch new attacks.
Group-IB didn’t attribute this group to a specific country but said that they found commands written in Chinese. This fact alone is not, however, enough to determine the group’s origin, researchers said.
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.