China-based malware and hacking operations are targeting the gambling sector within Southeast Asia, a report by US cybersecurity company SentinelOne alleges.
The research was published by Tom Hegel and Aleksandr Milenkoski, senior threat analysts at SentinelLabs – an open venue for threat researchers and vetted contributors to reliably share their latest findings with a wider community of defenders.
“The company SentinelLabs has identified suspected-Chinese malware and infrastructure potentially involved in China-associated operations directed at the gambling sector within Southeast Asia,” the report states.
“Thriving after China’s crackdown on its Macau-based gambling industry, the Southeast Asian gambling sector has become a focal point for the country’s interests in the region, particularly data collection for monitoring and countering related activities in China,” note the analysts.
Cybersecurity firm SentinelOne said the tactics, techniques, and procedures point to the involvement of a threat actor tracked as Bronze Starlight, a hacker group said to have previously used ransomware as a smokescreen to conceal its espionage motives.
“This is a suspected Chinese ‘ransomware’ group whose main goal appears to be espionage rather than financial gain, using ransomware as means for distraction or misattribution,” Milenkoski and Hegel say in the analysis.
The malware and infrastructure analyzed were said to be linked to Operation ChattyGoblin, the name given to a series of attacks by China-nexus actors targeting Southeast Asian gambling companies with trojanized Comm100 and LiveHelp100 chat applications.
The group’s tactics included abusing Adobe Creative Cloud, Microsoft Edge, and McAfee VirusScan executables vulnerable to DLL hijacking.
Insikt Group, a threat research department within global threat analysis firm Recorded Future, which focuses its research primarily on Chinese and North Korean-sponsored cyber attacks, previously reported research indicating that RedHotel, an advanced cyber-espionage organization allegedly backed by China, was targeting online gambling operations within Southeast Asia.