
"Researchers have previously tracked smaller pieces of the enormous infrastructure. Last month, security firm Sucuri reported that the operation seeks out and compromises poorly configured websites running the WordPress CMS. Imperva in January said the attackers also scan for and exploit Web apps built with the PHP programming language that have existing webshells or vulnerabilities. Once the weaknesses are exploited, the attackers install a GSocket, a backdoor the attackers use to compromise servers and host gambling Web content on them."
"All of the gambling sites target Indonesian-speaking visitors. Because Indonesian law prohibits gambling, many people in that country are drawn to illicit services. Most of the 236,433 attacker-owned domains hosting the gambling sites are hosted on Cloudflare. Most of the 1,481 hijacked subdomains were hosted on AWS, Azure, and GitHub. On Wednesday, researchers from security firm Malanta said those details are only the most visible signs of a malicious network that's actually much bigger and more complex than previously known."
A sprawling infrastructure has bilked unsuspecting people through Indonesian-language fraudulent gambling websites for 14 years while appearing to support broader nation-state operations against government and private organizations in the US and Europe. The operation compromises poorly configured WordPress sites and vulnerable PHP web apps, installs a GSocket backdoor to take over servers, and hosts illicit gambling content to exploit prohibition-driven demand. The network comprises roughly 328,000 domains — about 236,000 purchased and 90,000 commandeered from legitimate sites — with attacker-owned domains concentrated on Cloudflare and many hijacked subdomains on major cloud platforms. The infrastructure supports targeting across manufacturing, transport, healthcare, government, and education.
#nation-state-cyberespionage #fraudulent-gambling-sites #wordpress-php-exploitation #gsocket-backdoor
Read at Ars Technica