In a startling revelation, cybersecurity researchers expose GambleForce, an elusive hacker group employing simple yet effective tactics to infiltrate governments and businesses across the Asia-Pacific region.

GambleForce As a Pervasive Threat in Cybersecurity


Since its emergence in September 2023, GambleForce has primarily homed in on the gambling industry, as detailed by Singapore-based cybersecurity firm Group-IB. However, recent months have witnessed a strategic shift, with the group expanding its targets to include government, retail, and travel websites, according to The Record.


GambleForce's Wide Spectrum of Victims

With a portfolio boasting 20 known victims, GambleForce strategically selects its targets across Australia, China, Indonesia, the Philippines, India, South Korea, Thailand, and Brazil. 

Furthermore, the hacking group's proficiency lies in employing simple and dated attack methods, evading detection by keeping default settings on publicly available open-source tools designed for penetration testing.

Persistent Threat: Exploiting SQL Injections

GambleForce's weapon of choice is SQL injection, a cyberattack method that manipulates a web application's database queries by injecting malicious SQL code. Despite its age, this technique remains potent, exploiting fundamental flaws many companies overlook. It's best not to underestimate the hackers behind the attack, since several gambling firms still get caught off-guard by this old method.

Objectives Unclear: Varied Outcomes of Attacks

The motives behind GambleForce's attacks remain ambiguous. In some instances, the hackers cease after reconnaissance, while in others, they successfully extract user databases containing logins, hashed passwords, and lists of tables from accessible databases.

Researchers Take Down Command and Control Server

Upon detecting GambleForce's malicious activities, researchers swiftly took down its command and control server. Despite this setback, the researchers anticipate the group's resilience, expecting them to regroup and rebuild their infrastructure for future attacks.

Group-IB refrains from attributing GambleForce to a specific country despite uncovering commands written in Chinese. 

Cybersecurity researchers caution that this linguistic factor alone isn't conclusive evidence of the group's origin, emphasizing the complexity of attributing cyber threats in the ever-evolving landscape of cybersecurity. 

This was not the first time that a gambling giant was attacked. MGM Resorts also reported that hackers infiltrated it in September.

At that time, the company assumed that the cyberattack was carried out by a notorious gang of cybercriminals known as Scattered Spider.

Even then, the FBI still struggled to put an end to the cyber incidents that were hitting the casino firm, according to Reuters. Aside from MGM Resorts, Caesars Entertainment also recorded that hackers managed to break into its operations.


Joseph Henry

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.