Chinese State-Backed Hackers Target Gambling Companies in $100M Ransomware Attack

Israeli cybersecurity firms have released a report detailing Chinese state-backed hacker attempts to disrupt gambling platforms.

Chinese Hackers Target Gambling Companies

China’s march against illegal gambling operations has taken a new turn, with state-sponsored hackers now taking aim at gambling firms that have been promoting their products to Chinese nationals without authorization.

In what is an ingenious response to illegal gambling, China has been able to take the fight back to offshore gambling sites, a report by Profero and Security Joes, two Israeli cybersecurity firms, has confirmed.

The report identified five gambling firms that have become “victims” of such attacks for attempting to or successfully promoting gambling products to Chinese nationals. Hackers have rallied their efforts in a group known as “Advanced Persistent Threat 27 (APT27) or Emissary Panda.”

The firms focused on comparing the activity of another hackers group by the name of Winnti that deployed DRBControl malware to attack platforms and engage in corporate espionage. Similar to Winnti, APT27 has secured access to a company’s servers, and the hackers then used the BitLocker encryption tool to deny owners access.

No Ransom Paid in the End

According to the report, hackers have requested at least $100 million to be paid in Bitcoin to restore access to gambling operators’ servers, but companies remained adamant in the face of the threat and never paid a penny, Profero and Security Joes explained.

Instead, companies used backup data to restart services. While there is no definitive proof that all companies have been targeting Chinese nationals, the Israeli cybersecurity firms are confident in their surmise that APT27 has gone after gambling platforms with the help of the state.

China has been known for its clandestine hacking operations to overseas companies, allegedly stealing intellectual property and engaging in corporate espionage on daily bases.

Yet, the country comes short of North Korea’s hacking groups, which have been embroiled in various hacking initiatives and cryptocurrency heists due to stringent sanctions that have left the country in the midst of economic calamity.

One theory the Israeli firms had is that the hackers didn’t expect any ransomware, but were rather keen to disrupt the service of gambling companies targeting Chinese nationals, buying authorities time to block access to such platforms. China has recently issued a report in which it outlined that an estimated 11 million residents gamble online every day.