Chinese Roulette: Attackers targeted gambling business in Southeast Asia

Carding

Cyber espionage or financial interest? SentinelOne makes its own bets.

According to the latest report from the cybersecurity company SentinelOne, the gambling sector in Southeast Asia has been the target of large-scale cyber attacks. The suspected perpetrators are the Chinese hacker group Bronze Starlight. The researchers note that the tools used by the attackers were used in previous operations of this particular group. It is possible that we are talking about cyber espionage: the hackers monitor internal processes in companies and collect information unnoticed.

After the introduction of strict restrictions on casinos and other establishments in Macau, many companies and players began to look for alternative sites in Southeast Asia. The growth of their activity could attract the attention of hackers. The increased number of online transactions and data exchange flows is becoming a potential target for cybercriminals and spies. In addition, the transition of business to new regions is not accompanied by an appropriate level of security.

During the analysis, it turned out that the criminals used the products of the Ivacy organization, which specializes in VPN services. They also got hold of the digital signing keys of PMG PTE LTD, a partner of Ivacy VPN. As soon as the threat was detected, the corresponding certificate was immediately revoked.

Legitimate applications like Adobe Creative Cloud, Microsoft Edge, and McAfee VirusScan served as Trojan carriers for injecting the malware, which worked only as a distraction. Interestingly, the program stopped working if it was launched on devices from a number of countries, including the United States, Russia, and Europe.

An additional indicator of the hackers' activity was the use of HUI Loader, a tool previously seen in the operations of Chinese groups, for example, APT10. This group was exposed in 2018. It is based in Tianjin, China, and is allegedly working with the Tianjin State Security Bureau.

Other groups also used HUI Loader: LockFile, AtomSilo, NightSky, LockBit 2.0, and Pandora.

Experts call for increased vigilance, given that attackers are constantly improving their sophisticated methods and finding new loopholes. It is already known that the group is able to mask its activities well, making it difficult to identify the source of attacks.