The group attacks companies in the Asia-Pacific region using standard pentesting tools.
The new hacker group GambleForce uses primitive and outdated attack methods to break into government agencies and companies in the Asia-Pacific region. This is reported by Singapore-based cybersecurity firm Group-IB.
GambleForce has been operating since September 2023 and was initially aimed at the gambling business. However, hackers have recently expanded the scope of their interests, hacking government websites, travel companies and online stores. So far, there are 20 known victims, mostly based in Australia, China, Indonesia, the Philippines, India, South Korea, Thailand and Brazil.
The attackers rely on a set of publicly available pentesting tools. They make no unique modifications to them and leave almost all the default settings in place.
The main method of compromise is SQL injection, one of the oldest techniques, in which an attacker injects malicious SQL code into database queries. According to experts, many companies are still vulnerable to this threat because they do not eliminate fundamental flaws in their protection.
The goals of the GambleForce attacks are still unclear. In some cases, the hackers stopped the attack after conducting reconnaissance, and in others, they successfully extracted user data, including logins, hashed passwords, and table lists from accessible databases.
After detecting GambleForce activity, the researchers disabled the command and control server used by hackers. However, they believe that the attackers are likely to easily restore the infrastructure and continue their activities.
Although the Group-IB team does not link GambleForce to any particular country, Chinese words were detected in the code that the group uses. But, of course, this is not enough to determine its origin.
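Public tools left on default settings and SQL injection probes both leave recognisable traces in web server access logs. The following is an added example, not part of the original post or Group-IB's report: a small log scanner run over constructed sample lines. The rule names are hypothetical, and sqlmap is used only as an assumed example of a public tool whose default User-Agent names it, since the post does not list the tools.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = '''\
203.0.113.7 - - [12/Dec/2023:10:01:02 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
203.0.113.7 - - [12/Dec/2023:10:01:03 +0000] "GET /item.php?id=1%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20- HTTP/1.1" 200 498 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Dec/2023:10:02:10 +0000] "GET /search?q=select+a+hotel HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Dec/2023:10:03:44 +0000] "GET /news.php?id=5%27%20AND%20SLEEP(5)--+ HTTP/1.1" 500 0 "-" "Mozilla/5.0"
'''

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

# Hypothetical rule names. sqlmap is an assumed example of a public tool whose
# default User-Agent names it; the post itself does not list the tools.
UA_RULES = [("default-tool-user-agent", re.compile(r"^sqlmap/", re.I))]
URL_RULES = [
    ("union-select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("time-delay", re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)),
    ("schema-enumeration", re.compile(r"\binformation_schema\b", re.I)),
]

def scan(log_text):
    """Return (source_ip, rule_name, decoded_url) for every rule hit."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, raw_url, agent = m.groups()
        url = unquote_plus(unquote_plus(raw_url))  # also undo double encoding
        findings += [(ip, name, url) for name, rx in UA_RULES if rx.search(agent)]
        findings += [(ip, name, url) for name, rx in URL_RULES if rx.search(url)]
    return findings

def hits_by_source(findings):
    """Group rule names per source IP so repeated probing stands out."""
    grouped = defaultdict(set)
    for ip, name, _ in findings:
        grouped[ip].add(name)
    return {ip: sorted(names) for ip, names in grouped.items()}

if __name__ == "__main__":
    for ip, names in hits_by_source(scan(SAMPLE_LOG)).items():
        print(ip, ", ".join(names))
```

Pattern matching on logs only shows that probing happened; the underlying flaw is closed by using parameterized queries in the application code.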