Gambling sector subjected to APT41 intrusions

Miscreants infected a poker player's laptop with malware that monitored his every online gambling move.

Organizations in the gambling and gaming industry have been subjected to an advanced multi-stage cyberattack by Chinese state-sponsored threat operation APT41, also known as Earth Baku, Brass Typhoon, Winnti, and Wicked Panda, since earlier this year, reports The Hacker News.

According to a report from Security Joes, APT41 likely gained initial access through spear-phishing emails, then carried out a DCSync attack against the targeted network infrastructure to exfiltrate password hashes. The stolen credentials supported post-exploitation and reconnaissance activity, including phantom DLL hijacking and further malware execution over a socket connection. After weeks of inactivity, the attackers returned with obfuscated JavaScript code that acts as a loader for a follow-on machine-fingerprinting payload, which targets only devices whose IP addresses contain the substring '10.20.22'. "This highlights which specific devices are valuable to the attacker, namely those in the subnets 10.20.22[0-9].[0-255]. By correlating this information with network logs and the IP addresses of the devices where the file was found, we concluded that the attacker was using this filtering mechanism to ensure only devices within the VPN subnet were affected," researchers added.
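The DCSync step described above abuses the normal directory-replication rights that only domain controllers should exercise, so defenders usually hunt for it in Windows Security event 4662 (object operation) entries that reference the replication control-access rights. The following is an added example, not code from the article or from Security Joes: it runs a simple detection over a few constructed, simplified log lines (the line format, the account names and the allowlist are assumptions; the two replication-right GUIDs are the standard Active Directory values).

```python
"""Flag DCSync-style replication requests in simplified Security event lines.

Added example; not from the SC Media article or the Security Joes report.
A DCSync attack asks a domain controller to replicate directory data,
password hashes included, through the ordinary replication API. With SACL
auditing enabled on the domain object, Windows records such requests as
Security event 4662 carrying the replication control-access-right GUIDs.
"""
import re

# Standard Active Directory extended-right GUIDs (well known, not article-specific).
DS_REPLICATION_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
DS_REPLICATION_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"
REPLICATION_GUIDS = {DS_REPLICATION_GET_CHANGES, DS_REPLICATION_GET_CHANGES_ALL}

# Accounts that legitimately replicate: domain controller machine accounts and
# explicitly approved sync services. Assumption: maintained by the defender.
APPROVED_REPLICATORS = {"DC01$", "DC02$", "AzureADConnect"}

# Assumed simplified line layout: "<timestamp> EventID=<n> Account=<name> Properties=<guids>"
EVENT_RE = re.compile(
    r"EventID=(?P<id>\d+)\s+Account=(?P<acct>\S+)\s+Properties=(?P<props>\S+)"
)
GUID_RE = re.compile(r"\{?([0-9a-fA-F-]{36})\}?")

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    "2024-09-01T10:00:00Z EventID=4662 Account=DC02$ "
    "Properties={1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}",
    "2024-09-01T10:01:12Z EventID=4662 Account=CORP\\jdoe "
    "Properties={1131f6aa-9c07-11d1-f79f-00c04fc2dcd2};{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}",
    "2024-09-01T10:02:00Z EventID=4662 Account=CORP\\svc_backup "
    "Properties={00000000-0000-0000-0000-000000000000}",
    "2024-09-01T10:03:00Z EventID=4624 Account=CORP\\jdoe Properties=-",
]


def parse_event(line):
    """Return (event_id, account, set_of_guids) or None if the line does not match."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    guids = {g.lower() for g in GUID_RE.findall(m.group("props"))}
    return int(m.group("id")), m.group("acct"), guids


def is_dcsync_candidate(event_id, account, guids):
    """True when a non-approved account exercised a directory replication right."""
    if event_id != 4662:
        return False
    if not (guids & REPLICATION_GUIDS):
        return False
    return account not in APPROVED_REPLICATORS


def find_dcsync(lines):
    """Return accounts flagged as DCSync candidates, in order of first appearance."""
    flagged = []
    for line in lines:
        parsed = parse_event(line)
        if parsed is None:
            continue
        event_id, account, guids = parsed
        if is_dcsync_candidate(event_id, account, guids) and account not in flagged:
            flagged.append(account)
    return flagged


if __name__ == "__main__":
    for account in find_dcsync(SAMPLE_EVENTS):
        print(f"possible DCSync from non-DC account: {account}")
```

In the constructed sample, only the ordinary user account is flagged: the domain controller's own replication is allowlisted, the third event requests an unrelated right, and the fourth is a logon event rather than an object operation. In a real environment the allowlist should be derived from the actual domain controllers and sync services, and a hit should be correlated with the source host, as the researchers did with network logs here.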
