According to the latest report from the cybersecurity company SentinelOne, the gambling sector in Southeast Asia has become the target of large-scale cyber attacks. The suspected culprits are the Chinese hacking group known as Bronze Starlight. Researchers found that the tools used in these attacks had already been used in earlier operations by this group, which raises suspicions of cyber espionage.
Following the introduction of strict regulations on casinos and similar establishments in Macau, many companies and players have moved to alternative sites in Southeast Asia, and this increased activity has drawn the attention of hackers. The surge in online transactions and data exchanges has created attractive targets for both cybercriminals and spies. Moreover, the move to new regions was not accompanied by adequate security measures, which leaves these operations all the more exposed.
During the analysis it was discovered that the attackers used products from Ivacy, a VPN service provider. They had also obtained the code-signing key of PMG PTE LTD, a partner of Ivacy VPN. As soon as the threat was identified, the corresponding certificate was promptly revoked.
The attackers used legitimate software such as Adobe Creative Cloud, Microsoft Edge, and McAfee VirusScan as a cover for loading their malware; the legitimate programs themselves served only as decoys. Interestingly, the malware stopped running if launched on a device located in certain countries and regions, including the United States, Russia, and Europe.
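The two defender-relevant details above, malware hidden behind well-known legitimate programs and a code-signing certificate that was later revoked, both translate into a simple process-launch check. The following is an added example, not code from the article or from SentinelOne: it scans constructed process-creation events and flags a binary that carries a familiar product name but is signed by an unexpected or revoked publisher, or runs outside that product's normal install directory. The expected-publisher table, the install paths, the revoked-signer entry and the sample events are all assumptions made for illustration; the article names none of them.

```python
"""Flag process launches that masquerade as legitimate software.

Added example, not part of the original article or the SentinelOne report.
The publisher table, install directories, revoked-signer entry and the
sample events below are constructed for illustration only.
"""
from dataclasses import dataclass

# Expected code-signing publisher and install directory for a few well-known
# binaries. Assumed values; a real deployment takes them from its own
# software inventory.
EXPECTED = {
    "creative cloud.exe": ("Adobe Inc.", "c:\\program files\\adobe\\"),
    "msedge.exe": ("Microsoft Corporation",
                   "c:\\program files (x86)\\microsoft\\edge\\"),
    "mcshield.exe": ("McAfee, LLC", "c:\\program files\\common files\\mcafee\\"),
}

# Signer subjects whose certificates are known to be revoked (placeholder).
REVOKED_SIGNERS = {"EXAMPLE REVOKED PUBLISHER PTE LTD"}


@dataclass
class Finding:
    event_id: int
    reason: str


def check_event(event: dict) -> list[str]:
    """Return the reasons an event looks suspicious (empty list if clean)."""
    reasons = []
    path = event["image"].lower()
    name = path.rsplit("\\", 1)[-1]
    signer = event.get("signer", "")

    # A revoked signer is suspicious regardless of what the binary is called.
    if signer in REVOKED_SIGNERS:
        reasons.append("signer certificate revoked")

    # For binaries that borrow a well-known product name, require the
    # expected publisher and the expected install location.
    if name in EXPECTED:
        publisher, install_dir = EXPECTED[name]
        if signer != publisher:
            reasons.append(f"unexpected signer for {name}: {signer or 'unsigned'}")
        if not path.startswith(install_dir):
            reasons.append(f"{name} running outside expected directory")
    return reasons


def scan(events: list[dict]) -> list[Finding]:
    """Run check_event over every event and collect the findings."""
    return [Finding(e["id"], r) for e in events for r in check_event(e)]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"id": 1,
     "image": "C:\\Program Files\\Adobe\\Adobe Creative Cloud\\Creative Cloud.exe",
     "signer": "Adobe Inc."},                       # genuine install
    {"id": 2,
     "image": "C:\\Users\\Public\\Downloads\\Creative Cloud.exe",
     "signer": "EXAMPLE REVOKED PUBLISHER PTE LTD"},  # masquerading copy
    {"id": 3,
     "image": "C:\\ProgramData\\Update\\msedge.exe",
     "signer": "Microsoft Corporation"},            # right signer, wrong place
    {"id": 4,
     "image": "C:\\Windows\\System32\\notepad.exe",
     "signer": "Microsoft Windows"},                # not in the watch list
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"event {finding.event_id}: {finding.reason}")
```

The path check is deliberately strict: a genuine publisher signature alone is not enough, because a legitimately signed binary copied to a user-writable directory is exactly the pattern used to side-load malicious components next to it.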
Another indicator of the hackers' activity was the use of Hui Loader, a tool previously associated with Chinese groups such as APT10. That group, exposed in 2018, is based in Tianjin, China, and allegedly works with the Tianjin State Security Bureau.
Other groups that have used Hui Loader have also been identified: LockFile, AtomSilo, NightSky, LockBit 2.0, and Pandora.
Experts stress the need for heightened vigilance, as the attackers keep refining their methods and exploiting new vulnerabilities. It is already clear that the group behind these attacks is skilled at disguising its activity, which makes it hard to attribute the attacks to their source.