Operation ChattyGoblin: Hackers Targeting Gambling Firms via Chat Apps

2023-05-09 13:29

Slovak cybersecurity firm ESET is tracking the series of attacks against Southeast Asian gambling companies under the name Operation ChattyGoblin.

"These attacks use a specific tactic: targeting the victim companies' support agents via chat applications - in particular, the Comm100 and LiveHelp100 apps," ESET said in a report shared with The Hacker News.

The attack chains leverage the aforementioned chat apps to distribute a C# dropper that, in turn, deploys another C# executable, which ultimately serves as a conduit to drop a Cobalt Strike beacon on hacked workstations.

It's worth noting that Microsoft recently attributed Storm-0133, an emerging threat cluster affiliated to Iran's Ministry of Intelligence and Security, to attacks exclusively targeting Israeli local government agencies and companies serving the defense, lodging, and healthcare sectors.

The Lazarus Group, in February 2023, is also said to have breached a defense contractor in Poland via fake job offers to initiate an attack chain that weaponizes a modified version of SumatraPDF to deploy a RAT called ScoringMathTea and a sophisticated downloaded codenamed ImprudentCook.

The Russian cybersecurity company also called attention to the discovery of a new Lua-based malware strain referred to as DreamLand targeting a government entity in Pakistan, marking one of the rare instances where an APT actor has used the programming language in active attacks.

News URL

https://thehackernews.com/2023/05/operation-chattygoblin-hackers.html

#chat #hacker