Unmasking Espionage: The Dark Side of Online Gambling Exploits

Espionage Activities Disguised as Gambling
Researchers from various security firms have uncovered that what initially appears to be a fraudulent gambling network may be a sophisticated espionage operation. Operating for over 14 years, this extensive network has bilked victims via deceptive gambling websites, which are part of a more sinister plot targeting both government and private-sector organizations in the US and Europe.
Exploiting Vulnerabilities
Security firm Sucuri reported last month that the operation routinely searches for poorly configured WordPress sites. Additionally, Imperva noted in January that the attackers actively scan for and exploit vulnerabilities in web applications built with the PHP programming language. Once vulnerabilities are exploited, the attackers deploy a GSocket backdoor to gain persistent access to the compromised servers, which then host gambling-related content.
Targeting Indonesian Users
The fraudulent gambling sites primarily cater to Indonesian-speaking visitors, capitalizing on the country’s strict anti-gambling laws, which have drawn many individuals toward these illicit online services. Of the reported domains, over 236,433 are believed to be attacker-owned, with the majority hosted on Cloudflare. Furthermore, approximately 1,481 hijacked subdomains are reported to reside on AWS, Azure, and GitHub.