DRBControl: Talent-Jump and Trend Micro have both released research after two different websites were confirmed to have been hacked by what appears to be the same group. The threat group, called DRBControl by researchers, is believed to be based in China. Trend Micro reported that the DRBControl group’s tactics and tools overlap with those of the Winnti and Emissary Panda threat groups. The websites that were attacked were located in Southeast Asia, and there are rumors that websites in the Middle East and Europe were also targeted. No money was taken in the attack. Source code and databases were stolen, leading researchers to believe that these attacks were espionage-based rather than financially motivated. The group carried out these attacks by targeting employees of the companies with spear-phishing emails that lead to a Dropbox account; the Dropbox account delivers a Remote Access Trojan (RAT) that infects the target and gives the threat actor a backdoor into the company.
Researchers stated they were able to keep a close eye on the group between July and September 2019, and at one point there were over 200 computers infected by malware delivered through the Dropbox account. It is unclear what the reasoning behind the attacks was, but it is not uncommon for gambling websites to be targeted because of the high value of the information available on their networks. Utilizing a monitoring service such as Binary Defense Managed Endpoint Detection and Response is crucial for defending against attacks like these, because it would be able to notice the attack when it first starts, limiting the threat actors’ capabilities and stopping them from stealing information. More information can be found here: https://www.zdnet.com/article/chinese-hackers-have-breached-online-betting-and-gambling-sites/