New hacker group targets governments, businesses in Asia-Pacific region

Cybersecurity experts have identified the GambleForce hacking group as its primary target in the Asia-Pacific region, specifically governments and enterprises.

Group-IB, a cybersecurity firm based in Singapore, has documented the activities of GambleForce since September. Initially focused on the casino sector, the group has since branched out to encompass websites affiliated with governmental bodies, retailers, and travel agencies.

The organization has confirmed the identities of twenty victims, the majority of whom are citizens of India, South Korea, Thailand, China, Indonesia, and the Philippines.

GambleForce employs antiquated and fundamental attack methods, utilizing publicly accessible open-source tools designed for penetration testing that do not require any specialized configurations or default settings. An instance of cyberattack referred to as SQL injection modifies database queries executed by a web application with malignant SQL code. In spite of being one of the most ancient attack vectors, organizations continue to be vulnerable to SQL attacks on account of unresolved vulnerabilities at its core.

The group’s inconsistent conduct—which ranges from ceasing operations following reconnaissance to effectively acquiring user databases containing login credentials and hashed passwords—demonstrates the ambiguity surrounding their intentions. The ultimate purpose of the seized data remains unknown.

Researchers terminated the command and control server of GambleForce upon discovering its activities. They do anticipate that the gang would reconfigure and reconstruct its infrastructure in preparation for additional assaults. Group-IB detected Chinese orders despite being unable to establish a direct connection between GambleForce and a particular nation. This, nevertheless, fails to establish the geographical origin of the group.

Original story by: The Record