An advanced persistent threat (APT) group of Chinese origin codenamed DiceyF has been linked to a string of attacks aimed at online casinos in Southeast Asia for years.
Russian cybersecurity company Kaspersky said the activity aligns with another set of intrusions attributed to Earth Berberoka (aka GamblingPuppet) and DRBControl, citing tactical and targeting similarities as well as the abuse of secure messaging clients.
“Possibly we have a mix of espionage and [intellectual property] theft, but the true motivations remain a mystery,” researchers Kurt Baumgartner and Georgy Kucherin said in a technical write-up published this week.
The starting point of the investigation was in November 2021 when Kaspersky said it detected multiple PlugX loaders and other payloads that were deployed via an employee monitoring service and a security package deployment service.
images from Hacker News