Gaming Sites Across Southeast Asia Targeted by Chinese-Speaking Hackers

Posted on: March 24, 2022, 11:12h. 

Last updated on: March 24, 2022, 11:29h.

Gaming-related companies across Southeast Asia are under attack. Hackers, reportedly out of China, are targeting operations in the region, and where successful, can gain access to entire gaming networks.

Cybercrime
Cybercrime is a real threat that can compromise any online system. Gaming operators in Southeast Asia are now the targets of a Chinese-speaking cybercriminal group. (Image: Hubstream Software)

Cyberthreats are something any online site deals with. The online gaming segment isn’t immune, either. Any industry that deals with money and sensitive data is at risk.

A new threat is emerging that, according to cybersecurity firm Avast, mostly targets gaming operators in Southeast Asia. Hackers are launching sophisticated attacks that, where successful, could completely compromise networks.

New iGaming Cybersecurity Threat

There is a new advanced persistent threat (APT) that is going after gambling-related companies in locations such as Hong Kong, the Philippines, and Taiwan. Cyber analysts are still dissecting all of the details, but the threat is reportedly in Chinese, which may indicate its origin.

The attack, which Avast dubs Operation Dragon Castling (ODC), shares properties with other malicious programs, such as FFRat and MulCom. The former, according to the cybersecurity company, can be traced to the DragonOK group, a malicious entity that has been operating for years. DragonOK has ties to PoisonIvy and PlugX, two backdoor entry programs linked to Chinese-speaking hackers.

Avast confirmed in an email to Casino.org that it identified the gaming sector as the target through an email received by an unidentified gaming company. In the email, the attacker requested that the company “check for a bug in their software,” which served as the basis for Avast’s conclusion.

The company also indicates that multiple companies in the gaming industry have been targets. However, it isn’t able to disclose the names because of company policy.

Cyber Analysts Smell a Rat

FFRat has been around for at least 12 years, although it has been difficult to determine its origin. As a result, ODC is in a similar position. Avast has not determined the motivation for the arrival of the malicious program, or what its developers hope to achieve, whether it’s for financial gain or system disruption.

The threat appears to be extremely advanced and can break through multiple layers of protection. Avast determined that its main objective is to exploit a vulnerability of WPS Office, a free Microsoft Office alternative.

ODC is able to take advantage of a flaw in the application’s automatic updater, exposing systems to attack. Avast already forwarded its findings to Kingsoft Office, the developers of WPS Office, which has reportedly addressed the vulnerability.

However, with 1.2 billion WPS Office installations around the world, there are likely a high number of systems open to compromise. Because the malicious program is able to determine the status of certain antivirus protection, it can install itself on unprotected computers and servers.

Total System Control

ODC is able to create backdoors that allow it to drill deeper into the system, avoiding detection the entire time. In addition, it can bypass user account control protocols and execute remote-controlled commands at will.

Cyber intrusions can carry massive costs, directly and indirectly. The attacks force companies to take their systems offline until they can be cleaned, which could take months. They also lead to a loss in consumer confidence, as well as the loss of data.

Cybercrime cost the global economy $5 trillion in 2019. Its impact, according to Cybercrime Magazine, will be $10.5 trillion by 2025.

Security experts have already identified state-sponsored cybercriminal groups working in countries like North Korea, China and Russia. They’re not the only ones, though, as even organized criminal gangs are launching virtual attacks.

In order to limit the possibility of unwanted intrusions, systems engineers and administrators have to keep their entire systems as up-to-date as possible at all times. They also must ensure that users understand the potential risks, especially concerning things like email attachments and links in emails.

Security is becoming more sophisticated, but so are hackers. While there are a number of automated tools that can offer protection, individuals are ultimately the best defense against attacks.