A group of Chinese hackers has been targeting and breaching online gambling and betting websites since 2019. According to reports by the cyber-security firms Talent-Jump and Trend Micro, intrusions have been confirmed at gambling companies in Southeast Asia, while unconfirmed reports of attacks have also come from Europe and the Middle East.
Talent-Jump and Trend Micro say the hackers appear to have stolen company databases and source code, but not money, which suggests the attacks were espionage-focused rather than financially motivated cybercrime. The two firms attribute the attacks to a group called DRBControl.
Attacks start with a spear-phishing email carrying a malicious link or document. Employees who fall for the email and open the document they receive are infected with backdoor trojans.
These backdoor trojans differ from most backdoors in that they rely heavily on the Dropbox file-hosting and file-sharing service, using it both as a command-and-control channel and as a storage medium for second-stage payloads and stolen data. Because that traffic goes over HTTPS to a legitimate, widely used cloud service, it blends in with normal user activity and is not caught by simple domain blocklists; defenders have to look at which processes and hosts are talking to the Dropbox API and how much they upload.
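One way to hunt for this kind of cloud-service C2 in web-proxy telemetry, as an added example that is not part of the original article and not code from Talent-Jump or Trend Micro: the script below parses a constructed, simplified proxy log (the format, hostnames of the workstations, process names and byte counts are all made up for the example) and flags hosts where a process other than the official Dropbox client talks to the public Dropbox API endpoints `api.dropboxapi.com` and `content.dropboxapi.com`, or where such a process uploads more than a threshold volume to those endpoints. The allowlisted process name and the 10 MiB threshold are assumptions to be tuned per environment.

```python
import re
from collections import defaultdict

# Constructed sample proxy log (not real telemetry). Fields:
# timestamp, source host, process, HTTP method, destination host, request bytes.
SAMPLE_LOG = """\
2020-02-18T09:12:01Z ws-finance-07 Dropbox.exe POST content.dropboxapi.com 5120
2020-02-18T09:12:44Z ws-finance-07 Dropbox.exe GET api.dropboxapi.com 310
2020-02-18T09:15:09Z ws-dev-03 winword.exe GET api.dropboxapi.com 420
2020-02-18T09:15:10Z ws-dev-03 winword.exe GET content.dropboxapi.com 901234
2020-02-18T09:20:33Z ws-dev-03 svchost.exe POST content.dropboxapi.com 52428800
2020-02-18T09:21:00Z ws-dev-03 svchost.exe POST content.dropboxapi.com 52428800
2020-02-18T09:25:12Z ws-hr-11 chrome.exe GET www.dropbox.com 2048
"""

# Public Dropbox HTTP API endpoints (real hostnames); a backdoor using the
# Dropbox API for C2 or payload/exfil storage has to talk to these.
DROPBOX_API_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com"}

# Assumption: only the official desktop client is expected to use the API.
ALLOWED_PROCESSES = {"dropbox.exe"}

# Assumption: more than 10 MiB uploaded per (host, process) is worth a look.
UPLOAD_THRESHOLD = 10 * 1024 * 1024

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (GET|POST|PUT) (\S+) (\d+)$")


def parse(log_text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the hunt
        ts, host, proc, method, dst, nbytes = m.groups()
        events.append({"ts": ts, "host": host, "proc": proc,
                       "method": method, "dst": dst, "bytes": int(nbytes)})
    return events


def find_suspicious(log_text):
    """Return sorted (host, process, reason) tuples for Dropbox API abuse indicators."""
    alerts = set()
    uploads = defaultdict(int)  # (host, proc) -> bytes sent to the API hosts

    for e in parse(log_text):
        if e["dst"] not in DROPBOX_API_HOSTS:
            continue  # ordinary browsing of www.dropbox.com is out of scope
        unexpected = e["proc"].lower() not in ALLOWED_PROCESSES
        if unexpected:
            alerts.add((e["host"], e["proc"], "dropbox-api-from-unexpected-process"))
        if e["method"] in ("POST", "PUT"):
            uploads[(e["host"], e["proc"])] += e["bytes"]

    # Large uploads from a non-client process suggest staged exfiltration.
    for (host, proc), total in uploads.items():
        if total >= UPLOAD_THRESHOLD and proc.lower() not in ALLOWED_PROCESSES:
            alerts.add((host, proc, "large-upload-to-dropbox-api"))

    return sorted(alerts)


if __name__ == "__main__":
    for host, proc, reason in find_suspicious(SAMPLE_LOG):
        print(f"{host}\t{proc}\t{reason}")
```

Run against the sample, the script flags `ws-dev-03` twice: once because `winword.exe` (a document viewer, matching the phishing-document entry point) is reaching the API, and once because `svchost.exe` has pushed roughly 100 MiB to `content.dropboxapi.com`. The finance workstation using the real client produces nothing, and plain browsing of `www.dropbox.com` is ignored. In a real deployment the process column would come from an endpoint agent correlated with proxy logs, and the allowlist would need to cover any sanctioned internal tooling that uses the API.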
The hackers use these backdoors to download additional hacking tools and malware, which they use to move laterally through the company's network until they reach the databases and source-code repositories from which they steal data.