Chinese Hackers Target German Gambling Firms Once Again

German online casinos are once again being targeted by Chinese hackers in an effort to stall international competition by infiltrating their back-end frameworks. Groups of Chinese hackers are often on the radar of international police, and suspected connections to the government have also caused friction with other nations, especially America. However, this case stands out for the series of events surrounding a German casino, and for how hackers managed to infiltrate its systems and wreak havoc upon its business.


An unnamed German casino group have been targeted by Chinese hackers attempting to seize control of data and infect their intranet systems with malware. The Winnti Group are well known for attacks on European businesses. ©Leslin_Lia/Pixabay

While it is rare for foreign hackers to target European casinos, the Winnti Group have meddled in German affairs in the past, prompting a full-on investigation by German media outlets in collaboration with government departments. A new, crudely developed piece of malware named ‘BIOPASS RAT’ has surfaced, an extremely dangerous piece of software capable of corrupting entire computer networks. It can also infect computers that visit the host website, enabling it to spread from one computer to the next effortlessly.

In many cases, their infiltration has been described as a watering hole attack, a term used to describe security exploits where the hackers infect websites that members of the targeted group are known to visit. This enables them to gain control over the entire network, effectively leaving the business at their mercy. In particular, past attacks have targeted important Chinese officials with the intention of acquiring access to the personal devices of the targeted individuals.

A report published by security firm Trend Micro described the attacks on German casinos as reckless and most likely the result of boredom on the part of a younger individual or group. A notable trend in the attacks was the constant infiltration of messaging services such as Facebook and WhatsApp. Several important members of the company’s board had their private information exposed due to the hackers’ wave of exploits.

The Winnti Group has taken responsibility as the main culprit behind the German casino case and the targeting of Chinese officials. Several security loopholes were breached in an effort to acquire data from instant messaging services and web browsers only found in China. Trend Micro was able to map the overall scope of the attacks, which took place within two days of each other.

The Infamous Winnti Group

The Winnti Group are as elusive as they are well known; they rank among the most dangerous hacker groups in all of Asia, and cybersecurity firms worldwide are familiar with them and their antics. They sometimes go by another name, APT41, and the group has been connected to the Chinese government. The government often deploys hacker groups to disrupt international affairs and punish countries that impose trade sanctions upon it, such as the United States.

The Winnti Group aren’t normally known for targeting gambling firms. They commonly attack video game developers in America, famously blacking out Riot Games’ League of Legends servers for over a week back in 2019. Now that attacks are occurring within their own borders, it only fuels the suspicion that the government is attacking its own people with hacking powers. American sportsbooks such as SBTech faced attacks from foreign hackers in 2020, resulting in almost 50 online betting platforms being taken down.

Now that they have claimed responsibility for taking down two German casinos’ online services, it raises the question: why suddenly attack a European casino? The truth is that no one knows. Insufficient evidence and a lack of transparency from the targeted company make it impossible to determine why these attacks occur. Trend Micro’s report on the topic helped to shed light on the situation from an international perspective.

The exploit used by the Winnti Group, dubbed BIOPASS RAT, drew enormous attention from security firms and developers worldwide. It has the power to view a victim’s screen by warping the framework of broadcasting software installed on the base machine; live-streaming apps, in general, are the main target for the virus, which can also infiltrate cloud-based systems with ease.
