A newly identified hacking group has been targeting gambling companies in Asia, the Middle East and Europe, using backdoors to steal source code and other data, according to new research from security firm Trend Micro. The researchers call this advanced persistent threat group "DRBControl."
The exfiltrated data was mostly composed of databases and source codes, which leads us to believe that the campaign is used for cyberespionage or gaining competitive intelligence.
The attacks associated with DRBControl start with a spear-phishing email that targets individuals or departments within a company, according to the report. In several cases, it appears the hacking group targeted companies' customer support teams. The phishing emails that Trend Micro examined came with attached Microsoft Word documents that also contained screenshots meant to show a problem to customer support. Once the attachments were opened, executable files began installing malicious software in the background, the report notes.
The Trend Micro researchers also noticed that there were different versions of this backdoor, including one that used Dropbox, a cloud-based file hosting service, to connect to the command-and-control server. The DRBControl hackers also used Dropbox files to store any stolen data as well as information about the devices targeted in the attack, the report finds.