Hackers attacked Asian online casinos

Initial access was obtained by targeting the casino support service. The attackers sent the department emails with .DOCX files attached. The subject lines read something like "Screenshot cannot register" or "Screenshot of an error." Inside the file there was a request to click to enlarge the picture.

The report notes that it is normal for a support service to receive screenshots, but operators should have been alerted by the fact that they arrived in a .DOCX file rather than in the usual format, and that some action was required just to open the picture. This is already an unusual scenario.

By clicking on the specified file, the support operator launched the program that installed the virus. It allowed the attackers to steal passwords, databases, source code and other technical information, as well as to install viruses for other purposes.

Trend Micro has found that these attacks have links to Chinese hackers known as Winnti. They have been targeting gambling sites for many years, and in 2009 they were credited with stealing virtual money from games, which was then sold for real money.
