The group of hackers, known as APT27, were gaining access to specific servers and demanding US$100m in Bitcoin as ransom
Israeli cybersecurity firms, Profero and Security Joes, are reporting a series of malicious software attacks, known as ransomware, against five unnamed online gambling companies by a group known as Advanced Persistent Threat 27 (APT27).
APT27 was originally focused on corporate intelligence rather than financial gain but have now shifted to gambling companies.
The report also identified a Chinese-led hacking group known as Winnti (aka APT41), which has a history of going after online gaming. The APT27 attacks used similar DRBControl malware to gain access to targeted servers.
Once the hackers gained access to a specific server, they utilised the BitLocker encryption tool built into Windows to deny access to the rightful owners of the servers rather than applying a custom piece of ransomware and then demanded a total of US$100m in Bitcoin from the targeted gambling operators to unlock the servers.
The gambling companies did not give in to the hackers’ demand as ransoms were not paid and companies were able restore access to their servers by using back up files.
Amit Serper (pictured left), a cybersecurity researcher, told Haaretz that these designed attacks are very similar to those used by state-sponsored Chinese hackers. Their certain ways of attacking a system are easily noticeable and that is why Serper thinks it was this specific group of hackers. However, since state-sponsored Chinese hackers tend to use the same tactics, there is the possibility that another country could be impersonating these hackers, such as North Korea according to Amit Serper.
Furthermore, there may also be the possibility that these attacks were a response to China’s fight against ‘cross-border’ gambling. The hackers may have used the ransomware tactic as a way to hinder operators by stopping them from accepting bets from mainland gamblers. This hacking tactic could be a new form of penalising mainland gamblers and help in their fight against cross-border gambling.
About SiGMA Pitch:
Following a very successful run, the 5th edition of SiGMA Pitch is back for Spring 2021. Over 100 startups will be selected to showcase their products and initiatives throughout the event. Each startup will have a small booth at SiGMA surrounded by top investors and mentors. However, only the judges’ top ten make it to the Pitch during the final leg of the Summit. Increase your chance of being one of the top 100 by providing a 3-minute video-introduction upon participation! Apply now.