Two Israeli Firms Claim to Have Prevented Serious Ransomware Attack against Several Online Gambling Companies

Chinese hackers, who are allegedly sponsored and backed by the country’s government, are targeting some of the largest online gambling firms on a global scale with a type of malicious software, researchers have reported.

Two Israeli firms specializing in cybersecurity claim they have prevented an attempted cybercrime attack aimed at five of the leading online gambling and gaming companies in the world. As revealed by a case report study published at the beginning of the week by Profero and Security Joes, the two firms said the attackers, who are believed to be Chinese or linked to a Chinese hacker organization, demanded ransom amounting to more than $100 million after encrypting data from various companies.

The gambling operators did not pay the ransom and the attack was unsuccessful. The Israeli cybersecurity firms further noted that the affected companies managed to restore their data thanks to some backups. As mentioned above, they claim that the attack was led by hackers linked to the Chinese government and was held as part of a bigger trend that puts countries’ powerful cyber capabilities against private companies.

In this particular case, hackers used gambling companies’ and software firms’ employees were targetted, which allowed them to penetrate their system indirectly through so-called supply chains.

Hackers’ Attack Was Funded by the Chinese Government, Cybersecurity Firms Claim

The Israeli firms explained that in this case the attack was associated with a group known as Emissary Panda, or Advanced Persistent Threat 27 (APT27). Currently, APT is used as an industry term for hackers who are sponsored by a country’s government.

Reportedly, the attack faced by the five online gambling operators is a change for APT27 that has been allegedly funded by the Government of China and specializes in cyberespionage, theft of data and information and often targets defense sectors, government organizations, etc.

A branch of the abovementioned group, which is called Winnti (APT41), used to be involved in some espionage activity sponsored by the Chinese Government. Back in 2019, Fireye accused it of spying on global communications, technology and health care providers for the country. China has rejected these allegations several times.

Winnti already has a history of going after online gaming companies, and now the APT27 attacks allegedly used similar DRBControl malware to gain access to the targeted companies’ servers. So far, APT27 was mostly focused on corporate espionage rather than looking for financial gain. Also, the attacks held by the APT27 group were different in the approach used by hackers. Once they had gained access to a certain server, they used the Windows built-in encryption tool BitLocker to cut the companies owners’ access to their servers rather than implement some ransomware.

COMMENTS