Hackers target Asian casinos in lengthy cyberespionage campaign
A hacking group named 'DiceyF' has been observed deploying a malicious attack framework against online casinos based in Southeast Asia since at least November 2021.
According to a new report by Kaspersky, the DiceyF APT group does not appear to be seeking financial gain from the casinos but is instead conducting stealthy cyberespionage and intellectual property theft.
The framework features payload downloaders, malware launchers, plugins, remote access modules, keyloggers, clipboard stealers, and more.
After the framework is loaded on the target's machine, it connects to the C2 server and sends XOR-encrypted heartbeat packets every 20 seconds, containing the victim's username, user session status, size of collected logs, and current date and time.
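A fixed 20-second heartbeat like the one described above shows up in network flow logs as connections from one host to one destination at a near-constant interval. The following detection sketch is an added example, not code from the Kaspersky report or the original article; the flow records, host names, addresses (documentation ranges) and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch_seconds, src_host, dst_ip).
# Hosts and addresses are invented (RFC 5737 documentation ranges).
SAMPLE_FLOWS = (
    # Regular ~20 s callouts with slight timing noise
    [(1000 + 20 * i + (i % 3 - 1) * 0.4, "ws-042", "203.0.113.10") for i in range(30)]
    # Irregular, human-driven traffic
    + [(t, "ws-007", "198.51.100.5") for t in (1003, 1010, 1100, 1130, 1400, 1410, 1900)]
    # Regular traffic at a different period (60 s)
    + [(1000 + 60 * i, "ws-042", "192.0.2.53") for i in range(10)]
)

def find_beacons(flows, period=20.0, tolerance=2.0, max_jitter=1.5, min_events=10):
    """Return (src, dst, mean_interval, jitter) for host/destination pairs
    that connect at a near-constant interval close to `period` seconds."""
    by_pair = defaultdict(list)
    for ts, src, dst in flows:
        by_pair[(src, dst)].append(ts)
    hits = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_events:
            continue  # too few connections to judge periodicity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg, jitter = mean(gaps), pstdev(gaps)
        # Flag only if the average gap matches the period and varies little
        if abs(avg - period) <= tolerance and jitter <= max_jitter:
            hits.append((src, dst, round(avg, 2), round(jitter, 2)))
    return sorted(hits)

if __name__ == "__main__":
    for src, dst, avg, jitter in find_beacons(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: every {avg}s (jitter {jitter}s)")
```

Legitimate software such as update checkers and monitoring agents also polls on fixed timers, so a hit is a lead for triage rather than a verdict.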
The C2 can respond with a set of 15 commands that may order the framework to collect additional data, execute a command on "Cmd.exe", update the C2 configuration, and download a new plugin.
To make the tool even stealthier against security tools, the threat actors have signed it with a stolen valid digital certificate, the same one used to sign the framework.