Avast Uncovers 'Operation Dragon Castling'
A sophisticated and prolonged cyber attack on gambling companies is actively targeting the online gaming sector in Southeast Asia. Cybersecurity leader Avast recently published findings on the campaign, which they have named 'Operation Dragon Castling.' This Advanced Persistent Threat (APT) has set its sights on online casinos operating in Taiwan, Hong Kong, and the Philippines.
While Avast has not pinpointed the specific individuals responsible, their analysis indicates the threat originates from a Chinese-speaking APT group. An APT is a stealthy and continuous hacking process where an unauthorized person gains access to a network and remains undetected for an extended period. The goal of an APT is typically to steal data rather than to cause damage to the network or organization.
Familiar Tactics: The MulCom Backdoor
The attackers are not using new technology. Avast researchers noted that the malicious code shares significant similarities with the MulCom backdoor, a tool associated with this particular APT group. This method is well documented in the cybersecurity community.
A 2015 report from Palo Alto Networks already discusses this method, highlighting its long-term use in various campaigns.
Further evidence of its history comes from the BlackBerry Cylance Threat Research Team, who detailed the code in a 2017 report. Avast's investigation was triggered when an anonymous gaming company received a suspicious email. The attacker asked the company to "check for a bug in their software," a social engineering tactic to deploy the malware. While Avast cannot disclose the names of the affected businesses due to company policy, they confirm multiple companies have been targeted, signaling a broad threat to online casino security in the region.
A Global Threat to Online Casino Security
This incident in Southeast Asian gambling hubs is not an isolated event. Cyber attacks on online casinos are a global problem, with operators in Europe and the Americas also facing constant threats. The motivations behind these attacks often involve financial extortion, where criminals demand ransom payments to cease their activities.
Common Cyber Attack Techniques
Hackers use several methods to disrupt and extort online gambling platforms:
- DDoS Attacks: A Distributed Denial-of-Service (DDoS) attack is one of the most common techniques. The attacker overwhelms a server with a flood of internet traffic, causing the website or service to crash and become inaccessible to legitimate users.
- Ransomware: In more direct hacks, attackers can breach a company's network and encrypt critical files. The website and its backend operations can no longer function until the company pays a ransom for the decryption key.
- Data Theft: The goal might not always be immediate financial gain. The hackers behind Operation Dragon Castling could be seeking sensitive corporate information or player data for other malicious purposes.
It remains unclear whether Operation Dragon Castling is a campaign of extortion or espionage. Avast's report focuses primarily on the technical vulnerabilities and the malicious code used, leaving the ultimate motive of the attackers open to speculation. Regardless, the incident serves as a stark reminder of the critical importance of robust cybersecurity measures for all companies in the online gaming industry.





