Dec 14, 2023 | Newsroom | Vulnerability / Data Breach


A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least September 2023.

“GambleForce uses a set of basic yet very effective techniques, including SQL injections and the exploitation of vulnerable website content management systems (CMS) to steal sensitive information, such as user credentials,” Singapore-headquartered Group-IB said in a report shared with The Hacker News.

The group is estimated to have targeted 24 organizations in the gambling, government, retail, and travel sectors across Australia, Brazil, China, India, Indonesia, the Philippines, South Korea, and Thailand. Six of these attacks were successful.


The modus operandi of GambleForce is its exclusive reliance on open-source tools like dirsearch, sqlmap, tinyproxy, and redis-rogue-getshell at different stages of the attacks, with the ultimate goal of exfiltrating sensitive information from compromised networks.

Also used by the threat actor is the legitimate post-exploitation framework known as Cobalt Strike. Interestingly, the version of the tool discovered on its attack infrastructure used commands in Chinese, although the group's origins are far from clear.


The attack chains entail the abuse of victims' public-facing applications by exploiting SQL injections, as well as the exploitation of CVE-2023-23752, a medium-severity flaw in Joomla CMS, to gain unauthorized access to a Brazilian company.

It is currently not known how GambleForce leverages the stolen information. The cybersecurity firm said it also took down the adversary's command-and-control (C2) server and notified the identified victims.


“Web injections are among the oldest and most popular attack vectors,” Nikita Rostovcev, senior threat analyst at Group-IB, said.

“And the reason is that sometimes developers overlook the importance of input security and data validation. Insecure coding practices, incorrect database settings, and outdated software create a fertile environment for SQL injection attacks on web applications.”
