A recent investigation has uncovered a massive infrastructure that has been deceiving unsuspecting individuals through fraudulent online gambling websites for over 14 years. According to researchers, the operation likely serves a dual purpose: alongside the gambling fraud, it appears to be run by a nation-state-sponsored group targeting government and private-industry organizations in the US and Europe. The scope of the operation is staggering, spanning a complex network of compromised websites, hijacked subdomains, and attacker-owned domains.
Uncovering the Infrastructure
Previous research had shed light on smaller components of this enormous infrastructure. For instance, security firm Sucuri reported that the operation compromises poorly configured websites running the WordPress CMS, while Imperva revealed that the attackers exploit web apps built with the PHP programming language that already have webshells or exploitable vulnerabilities. Once these weaknesses are exploited, the attackers install GSocket, a backdoor used to take control of the servers and host gambling web content on them. Notably, all the gambling sites target Indonesian-speaking visitors, likely because gambling is prohibited in that country.
Scope and Complexity
The researchers from security firm Malanta have now revealed that the network is much bigger and more complex than previously known. With an estimated 328,000 separate domains, comprising 236,000 addresses purchased by the attackers and 90,000 commandeered by compromising legitimate websites, the operation has been ongoing for 14 years. Additionally, nearly 1,500 hijacked subdomains from legitimate organizations have been identified. The tremendous amount of time and resources invested in creating and maintaining this infrastructure suggests that it may serve nation-state hackers targeting a wide range of organizations, including those in manufacturing, transport, healthcare, government, and education.
Financial and Strategic Implications
The estimated annual cost of maintaining this infrastructure ranges from $725,000 to $17 million, indicating a significant investment of resources. This raises questions about the motivations and goals of the operation, which may extend beyond financial gain. As researchers continue to unravel the complexities of this network, it becomes increasingly clear that the implications are far-reaching and may have significant consequences for organizations and individuals alike.
For more information on this developing story, please visit Here
Image Credit: arstechnica.com