Fraudulent gambling network may be a nation-state spying operation

A complex network of fraudulent gambling websites has been discovered, allegedly operating for 14 years and serving as a cover for a nation-state-backed espionage initiative. Researchers have revealed that this vast operation is targeting both government and private sector entities across the United States and Europe.

Security experts have tracked various components of this extensive infrastructure, which primarily seeks out and exploits vulnerabilities in poorly configured WordPress websites. A recent report from Sucuri highlighted how these attackers are also scanning for web applications built with the PHP programming language that possess existing weaknesses or webshells. By taking advantage of these flaws, they install GSocket, a backdoor that allows them to compromise servers and host their illicit gambling content. The gambling sites predominantly cater to Indonesian-speaking users, as gambling is illegal in Indonesia, creating a demand for underground services.

Researchers have identified a staggering 236,433 domains controlled by the attackers, with the majority hosted on Cloudflare. Additionally, 1,481 hijacked subdomains were found on platforms like AWS, Azure, and GitHub.

On Wednesday, cybersecurity firm Malanta provided further insights, asserting that these visible elements represent only a fraction of a much larger and intricate malicious network. It appears that the operation is not merely driven by financial gain but also serves as a strategic tool for nation-state hackers, targeting a diverse array of sectors including manufacturing, transportation, healthcare, government, and education.

The speculation surrounding this network stems from the significant investment of time and resources devoted to its establishment and upkeep over 14 years. This includes an astonishing 328,000 domains, which consist of 236,000 purchased by the attackers and 90,000 acquired through the compromise of legitimate sites. Furthermore, nearly 1,500 subdomains belong to authentic organizations. Malanta estimates the annual cost of maintaining such an extensive operation could range from $725,000 to $17 million.

Sources: Ars Technica

Published On : Dec 03, 2025, 17:25
