“Ice Breaker”, cyberattacks targeting gaming and gambling industry
Szarlot, 2 years ago

A new attack campaign has targeted the gaming and gambling sectors since at least September 2022, just months prior to the ICE London 2023 gaming industry trade fair event that’s scheduled next week.

Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice Breaker, stating the intrusions employ clever social engineering tactics to deploy a JavaScript backdoor.

The attack sequence proceeds as follows: The threat actor poses as a customer while initiating a conversation with a support agent of a gaming website and urges the individual on the other end to open a screenshot image hosted on Dropbox. Security Joes said that the threat actor is “well-aware of the fact that the customer service is human-operated.”

Clicking the malicious link sent in the chat leads to the retrieval of an LNK payload or, alternatively, a VBScript file as a backup option, the former of which is configured to download and run an MSI package containing a Node.js implant.

The JavaScript file has all the features of a typical backdoor, enabling the threat actor to enumerate running processes, steal passwords and cookies, exfiltrate arbitrary files, take screenshots, run VBScript imported from a remote server, and even open a reverse proxy on the compromised host.

Should the VBS downloader be executed by the victim, the infection culminates in the deployment of Houdini, a VBS-based remote access trojan that dates back to 2013.

The threat actors’ origins are currently unknown, although they have been observed using broken English during their conversations with customer service agents. Some indicators of compromise (IoCs) associated with the campaign were previously shared by the MalwareHunterTeam in October 2022.

“This is a highly effective attack vector for the gaming and gambling industry.
The never-seen-before compiled JavaScript second stage malware is highly complex to dissect, showing that we are dealing with a skilled threat actor with the potential of being sponsored by an interest owner.” – Felipe Duarte, senior threat researcher at Security Joes, said.

Source: thehackernews.com
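
The lure in the attack sequence above depends on a support agent opening a file presented as a screenshot. The following is an added example, not from the original article or from Security Joes: it checks what such a download really is from its content and name. The function names are hypothetical and the sample file names and bytes used with it are constructed.

```python
import struct

# Shell Link (.lnk) files start with HeaderSize 0x0000004C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 (MS-SHLLINK header).
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")

# OLE compound file signature; MSI packages use this container format.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

# Leading bytes of the image types a genuine screenshot would normally have.
IMAGE_MAGICS = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF87a", b"GIF89a")

# Script extensions run by Windows Script Host or mshta, including VBScript.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")


def classify(name: str, data: bytes) -> str:
    """Return 'lnk', 'ole', 'script', 'image' or 'unknown'.

    Content is checked before the name because Windows hides the .lnk
    extension, so 'Screenshot.jpg.lnk' is displayed as 'Screenshot.jpg'.
    """
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data.startswith(OLE_MAGIC):
        return "ole"
    # A script extension wins over image bytes: the extension decides
    # which program opens the file when it is double-clicked.
    if name.lower().endswith(SCRIPT_EXTS):
        return "script"
    if data.startswith(IMAGE_MAGICS):
        return "image"
    return "unknown"


def verdict(name: str, data: bytes) -> tuple:
    """Allow only files that really are images; block everything else."""
    kind = classify(name, data)
    return ("allow" if kind == "image" else "block", kind)


if __name__ == "__main__":
    # Constructed samples: headers only, padded with zero bytes.
    samples = [
        ("Screenshot_2022.jpg.lnk", LNK_MAGIC + b"\x00" * 56),
        ("screenshot.png.vbs", b"Dim placeholder"),
        ("screenshot.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ]
    for sample_name, sample_data in samples:
        print(sample_name, verdict(sample_name, sample_data))
```
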