• About Us
  • Editorial Team
  • Cyber ​​Media Guidelines
  • Karir
  • Kontak
Thursday, July 16, 2026
AsiaToday.id
  • HOME
  • NEWS
  • BUSINESS
  • GREEN ENERGY
  • TRAVEL
  • EVENT
  • SCIENCE & ENVIRONMENT
  • CORPORATION
  • FORUM
No Result
View All Result
  • HOME
  • NEWS
  • BUSINESS
  • GREEN ENERGY
  • TRAVEL
  • EVENT
  • SCIENCE & ENVIRONMENT
  • CORPORATION
  • FORUM
No Result
View All Result
AsiaToday.id
No Result
View All Result
Home News

New Hacker Group GambleForce Targets Government and Gambling sites in Asia Pacific

by Redaksi Asiatoday
December 14, 2023
in News
Reading Time: 2 mins read
A A
0
New Hacker Group GambleForce Targets Government and Gambling sites in Asia Pacific

Distribution of GambleForce’s targets by industries and countries. Source: Group-IB Threat Intelligence. Special

ASIATODAY.ID, SINGAPORE – Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has discovered a previously unknown threat actor codenamed GambleForce (tracked under the name EagleStrike GambleForce in Group-IB’s Threat Intelligence Platform).

Group-IB’s Threat Intelligence unit can confirm that, since emerging in September 2023, the group has targeted more than 20 gambling, government, retail and travel websites in Australia, China, India, Indonesia, Philippines, South Korea, Thailand, and Brazil.

GambleForce uses a set of basic yet very effective techniques, including SQL injections and the exploitation of vulnerable website content management systems (CMS) to steal sensitive information, such as user credentials. The name, GambleForce, was coined due to the group’s initial targets being from the gambling industry.

RelatedPosts

Danantara Indonesia Enters Global Sovereign Wealth Fund Network

OPEC+ Builds New Energy Alliance

Asia at a Turning Point: IMF Urges the Region to Prepare for a New Economic Order

GambleForce’s command and control server (CnC), which was discovered by Group-IB’s Threat intelligence team, was taken down by the company’s Computer Emergency Response Team (CERT-GIB). Additionally, Group-IB has issued notifications for the identified victims.

GambleForce’s CnC was initially discovered in September 2023. The server housed the gang’s tools, such as dirsearch, redis-rogue-getshell, Tinyproxy, and sqlmap. The latter is a popular open-source pentesting tool designed to identify database servers vulnerable to SQL injections and exploit them. Threat actors inject malicious SQL code into a public facing web page, which allows them to bypass default authentication and access sensitive data.

Notably, the gang relies exclusively on publicly available open-source tools for initial access, reconnaissance, and data exfiltration. GambleForce utilized another popular pentesting framework, Cobalt Strike. The version of Cobalt Strike discovered on the gang’s server used commands in Chinese. However, this fact alone is not enough to attribute the group’s origin.

According to Group-IB Threat Intelligence experts, between September 2023 and December 2023, GambleForce targeted 24 organizations in 8 countries. The gang was able to successfully compromise 6 websites from Australia (travel), Indonesia (travel, retail), Philippines (government), and South Korea (gambling).

In some attacks, GambleForce stopped at the reconnaissance stage, failing to download the data. In six attacks, the threat actor managed to obtain user databases containing logins, hashed passwords, as well as lists of main tables from accessible databases.

In almost all known attacks, GambleForce abused public-facing applications of victims by exploiting SQL injections. In one attack in Brazil, the attackers exploited CVE-2023-23752, a vulnerability in the Joomla CMS that allows threat actors to bypass security restrictions. In another attack, the threat actor managed to exfiltrate the data from requests submitted via the website’s contact form.

Rather than looking for specific data, the threat actor attempts to exfiltrate every possible piece of information within targeted databases, such as hashed and plain text user credentials. Group-IB’s Threat intelligence unit has not observed how GambleForce exploits the stolen information and continues tracking the group.

“Web injections are among the oldest and most popular attack vectors,” Nikita Rostovcev, Senior Analyst at the Advanced Persistent Threat Research Team, Group-IB, said.

“And the reason being is that sometimes developers overlook the importance of input security and data validation. Insecure coding practices, incorrect database settings, and outdated software create a fertile environment for SQL injection attacks on web applications.” (AT Network)

Check out other news and articles at Google News

Tags: Asia DigitalCyber CrimeGroup-IB
No Result
View All Result

Terbaru

  • Danantara Indonesia Enters Global Sovereign Wealth Fund Network
  • OPEC+ Builds New Energy Alliance
  • AMMAN Targets 16 Tons of Gold Output in 2026
  • Saudi Arabia’s New Tariffs Create Fresh Opportunities for Indonesia’s Export Growth
  • Gold’s Safe-Haven Era Faces a New Test
  • About Us
  • Editorial Team
  • Cyber ​​Media Guidelines
  • Karir
  • Kontak

© 2022 Asiatoday.id - Asiatoday Network.

Welcome Back!

OR

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • HOME
  • NEWS
  • BUSINESS
  • GREEN ENERGY
  • TRAVEL
  • EVENT
  • SCIENCE & ENVIRONMENT
  • CORPORATION
  • FORUM

© 2022 Asiatoday.id - Asiatoday Network.