Researchers Discover New Hacking Group Targeting Gambling Firms in Asia

The GambleForce has been operating since September 2023.

In a startling revelation, cybersecurity researchers expose GambleForce, an elusive hacker group employing simple yet effective tactics to infiltrate governments and businesses across the Asia-Pacific region.

GambleForce As a Pervasive Threat in Cybersecurity

Researchers Discover New Hacking Group Targeting Gambling Firms in Asia
A new group of hackers has surfaced recently and it aims to attack gambling companies across Asia-Pacific region. The so-called "GambleForce" gang is known to launch an old method of cyberattack. Kaysha from Unsplash

Since its emergence in September 2023, GambleForce has primarily honed in on the gambling industry, as detailed by Singapore-based cybersecurity firm Group-IB. However, recent months have witnessed a strategic shift, with the group expanding its targets to include government, retail, and travel websites, according to The Record.

GambleForce's Wide Spectrum of Victims

With a portfolio boasting 20 known victims, GambleForce strategically selects its targets across Australia, China, Indonesia, the Philippines, India, South Korea, Thailand, and Brazil.

Furthermore, the hacking group's proficiency lies in employing simple and dated attack methods, evading detection by keeping default settings on publicly available open-source tools designed for penetration testing.

Persistent Threat: Exploiting SQL Injections

GambleForce's weapon of choice is SQL injections, a cyberattack method manipulating a web application's database queries with injected malicious SQL code. Despite its age, this technique remains potent, exploiting fundamental flaws many companies overlook. It's best not to underestimate the hackers behind the attack since several gambling firms still get caught off-guard with this old method.

Objectives Unclear: Varied Outcomes of Attacks

The motives behind GambleForce's attacks remain ambiguous. In some instances, the hackers cease after reconnaissance, while in others, they successfully extract user databases containing logins, hashed passwords, and lists of tables from accessible databases.

Researchers Take Down Command and Control Server

Upon detecting GambleForce's malicious activities, researchers swiftly took down its command and control server. Despite this setback, the researchers anticipate the group's resilience, expecting them to regroup and rebuild their infrastructure for future attacks.

Group-IB refrains from attributing GambleForce to a specific country despite uncovering commands written in Chinese.

Cybersecurity researchers caution that this linguistic factor alone isn't conclusive evidence of the group's origin, emphasizing the complexity of attributing cyber threats in the ever-evolving landscape of cybersecurity.

This was not the first time that a gambling giant was attacked. MGM Resorts also reported that the hackers infiltrated them in September.

At that time, the company assumed that the cyberattack was carried out by a notorious gang of cybercriminals known as Scattered Spider.

Even then, the FBI still struggled to put an end to the cyber incidents that were hitting the casino firm, according to Reuters. Aside from MGM Resorts, Caesars Entertainment also recorded that hackers managed to break in to their operations.

For more reports about cybersecurity or any related topics, click here for the latest news and updates in the industry.

Joseph Henry
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics