October 21, 2022 2 min read

China-Backed Hackers Use Target Southeast Asia Online Casinos

Online gambling operations in Southeast Asia were subject to advanced persistent threat (APT) attacks for years now, a recent report released by Kaspersky, the leading Russian multinational cybersecurity company, reveals.

Kaspersky Identifies New Hacker Activity

However, researchers at Kaspersky identified a new “GamePlayerFramework” hacker activity deployed by an organization called “DiceyF.” The organization is believed to have distributed malware that targeted online casino operations. By infecting the victim’s systems, DiceyF had ongoing access to their databases. According to the researchers at Kaspersky, such activities have been going on for years now, but this specific GamePlayerFramework is a new piece of software that used a redesigned and rewritten in C# “multistage loaders.”

We call this APT “DiceyF”. They have been targeting online casinos and other victims in Southeast Asia reportedly for years now,

reads a report released by Kaspersky

It is likely that the new DiceyF hacker activity aligns with similar resources of “Earth Berberoka/GamblingPuppet” APT activity. Another similar hacker activity that aligns with DiceyF is “DRBControl.” Research shows that those activities align considering the use of malware, among other hacking tools. It is possible that DiceyF leveraged a stolen digital certificate from a messaging application and distributed malware “via an employee monitoring system and a security package deployment service,” Kaspersky explained.

Possibly we have a mix of espionage and IP theft, but the true motivations remain a mystery,

adds Kaspersky’s report

The leading Russian cybersecurity company acknowledged that the DiceyF activity may be after intellectual property theft and espionage. But What’s strange with this case is that there’s so far no evidence of cash theft or financial motive behind the recent APT activity. 

Final Fantasy Reference

Besides the mystery motivation behind DiceyF activity, researchers identified a peculiar code within GamePlayerFramework. Two different branches were identified, one named “Tifa” and the other, “Yuna.” Tifa and Yuna are references to the famous Final Fantasy series, representing the two main characters.

According to researchers, the Yuna branch featured a downloader, along with plugins and “various PuppetLoader components.” On the other hand, the Tifa branch module included only a downloader in combination with a “core” module. It was identified that the Tifa branch leveraged an application used for secure messaging called Mango.

Journalist

Jerome is a welcome new addition to the Gambling News team, bringing years of journalistic experience within the iGaming sector. His interest in the industry begun after he graduated from college where he played in regular local poker tournaments which eventually lead to exposure towards the growing popularity of online poker and casino rooms. Jerome now puts all the knowledge he's accrued to fuel his passion for journalism, providing our team with the latest scoops online.

Leave a Reply

Your email address will not be published.