Fraudulent gaming network may be something more criminal.

Researchers stated on Wednesday that a vast infrastructure that has been defrauding gullible people through phony gambling websites for 14 years is probably a dual operation managed by a nation-state-sponsored group that targets government and private-industry entities in the US and Europe.

Smaller components of the massive infrastructure have previously been monitored by researchers. The operation looks for and attacks poorly configured WordPress CMS websites, according to a study released last month by security firm Sucuri. In January, Imperva reported that hackers also search for and take advantage of PHP-based web applications that have vulnerabilities or webshells. After taking advantage of the vulnerabilities, the attackers install GSocket, a backdoor that allows them to infiltrate servers and host gambling-related online content on them.

The gaming websites are all aimed at Indonesian-speaking users. Many people in Indonesia are drawn to illegal services because gambling is illegal there. Cloudflare hosts the majority of the 236,433 attacker-owned domains that host the gambling websites. GitHub, Azure, and Amazon Web Services held the majority of the 1,481 compromised subdomains.

This is not a “quickhit” gambling fraud.
These features are merely the most obvious indicators of a malevolent network that is actually far larger and more intricate than previously thought, according to experts from the security company Malanta on Wednesday. The network is probably used by nation-state hackers who target a variety of enterprises, such as those in manufacturing, transportation, healthcare, government, and education, rather than being purely a financially motivated operation, according to the firm.

The enormous time and resources required to build and maintain the infrastructure over a 14-year period serve as the foundation for the conjecture. Among the resources are 328,000 distinct domains, of which 236,000 were purchased by the attackers and 90,000 were taken over by breaching reputable websites. The infrastructure also includes almost 1,500 subdomains that have been taken over from reputable companies. According to Malanta, the annual cost of funding such infrastructure ranges from $725,000 to $17 million.

Courtesy: https://www.covers.com, https://www.casino.org, https://pechanga.net
