Asian Online Gambling Sites Were Held to a $100 million Ransom Last Year; Israeli Security Firms Blame Chinese Hackers
Israeli online security providers Profero and Security Joes have published a new (highly technical) report revealing details of a large scale hacking attack on Asian gambling firms that took place last January.
The hackers demanded $100 million in cryptocurrency Bitcoin after locking down servers from five different online casino sites.
However, the two security firms managed to eliminate the threatening code and return the files through retrieval and pre-existing backups.
The two security teams say that they found evidence to suggest the perpetrator may have been a Chinese hacking group known as Advanced Persistent Threat 27. The group is also known as APT27 or Emissary Panda.
Persistent Threat
APT27 is allegedly funded by the Chinese government. It usually “focuses on cyberespionage and theft of information and data, as well as commonly targeting government organizations, defense sectors, and more,” cybersecurity experts told Israeli newspaper Haaretz.
However, researcher Amit Serper of Boston- and Tel Aviv-based Guardicore said that “attribution to state actors is extremely difficult.”
He suggested that, although the methods used in this attack were consistent with Chinese government-backed groups, the operation could still have been a false flag.
“We have seen in the past attacks that were so identical in their modus operandi to the Chinese attacks that we suspected – and later proved – that it was a false flag operation by another nation.”
Amit Serper
Chinese hacking groups tend to employ less complicated and subtle tactics than, say, the Russian-backed SolarWinds hack that breached Department of Justice systems last year.
This latest attack was consistent with that assumption, as it used a pre-existing script to carry out the attack rather than a custom piece of unique ransomware.
State Level Capabilities
Regardless of the intentions, it is known that Chinese government groups (as well as many other nations, including the US, Russia, North Korea, the UK, and many more) do pull off such attacks. However, they are usually against state-run or state-connected infrastructure projects.
This is one of the first times private gambling companies have specifically been targeted in such a large-scale operation.
Another possibility is China’s secretive neighbor North Korea. The totalitarian nation has its own online gambling site network dedicated to targeting Chinese customers. Reports say it may be worth up to $1 billion a year in income.
In recent years, North Korea has been accused of attempting to steal billions through cyber attacks on South Korean and Bangladeshi companies, amongst others.
To add to the list of suspects, China’s Communist Party government has been upping the ante in its campaign against illegal gambling in recent months. There’s always the possibility the attack was a clandestine attempt to disrupt or threaten gambling operators that are illegally serving Chinese customers.
It could have even been a cover-up for the real mission – to collect information on high-rolling gamblers for future investigations, researcher Segev Moyal told Haaretz. “We just can’t be certain,” he said.
“More and more nations seem to target private companies with their powerful capabilities. They are just not prepared to deal with a state-level threat.”
Segev Moyal
Hopefully, this is a trend that doesn’t continue across the world in 2021 – but if it does, gambling operators would be wise to stay prepared.