GambleForce: New Cyber Threat Unleashes SQL Attacks in Asia-Pacific


In the rapidly evolving digital landscape of the Asia-Pacific region, a new cyber threat has emerged. Dubbed GambleForce, this hacker group has garnered attention by deploying SQL injection attacks against a wide array of industries. Since September 2023, they have targeted organizations across key sectors such as gambling, government, retail, and travel.

Employing basic but effective techniques, GambleForce has infiltrated vulnerable website content management systems (CMS), particularly Joomla. They exploit vulnerabilities like the one tracked as CVE-2023-23752 to gain unauthorized access and exfiltrate sensitive information, including user credentials.

Interestingly, their tools of choice—open-source utilities like dirsearch, sqlmap, tinyproxy, and redis-rogue-getshell—are complemented by the Cobalt Strike post-exploitation framework. Alarmingly, the version of Cobalt Strike utilized by GambleForce contains Chinese commands, stirring speculation regarding the group’s origins.

Cybersecurity firm Group-IB, headquartered in Singapore, reports that GambleForce has targeted 24 companies throughout Australia, Brazil, China, India, Indonesia, the Philippines, South Korea, and Thailand, with six of those attacks succeeding thus far. The group operates with precision, although its endgame remains unclear.

Furthermore, Group-IB's work against the group led to the takedown of GambleForce's command-and-control (C2) server. The firm has also notified the affected parties, helping to contain the intrusions. Nevertheless, the campaign is a warning for companies to fortify their cybersecurity measures.

SQL injection remains a prevalent attack vector. At its core, this practice exploits weaknesses in web applications due to insecure coding, incorrect database settings, or outdated software. Vigilance and continuous updates are critical in repelling such attacks.
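For defenders, the tooling named above leaves traces in web server logs. The following is an added example, not code from Group-IB or the original article: a small triage script that flags SQL injection markers, the default sqlmap User-Agent, and requests to Joomla 4's Web Services API prefix (`/api/index.php/v1/`, the API affected by CVE-2023-23752). It assumes Combined Log Format; the sample log lines and IP addresses are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Combined Log Format: ip - - [ts] "METHOD uri PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<uri>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Common SQL injection markers, matched after URL-decoding the request URI.
SQLI_RE = re.compile(
    r"\bunion\b.{0,40}\bselect\b|\binformation_schema\b|\b(sleep|benchmark)\s*\("
    r"|'\s*(or|and)\s+\d+\s*=\s*\d+",
    re.IGNORECASE,
)
# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Dec/2023:10:00:01 +0000] "GET /index.php?id=1%27%20UNION%20SELECT%20NULL%2CNULL--%20- HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)"',
    '203.0.113.7 - - [14/Dec/2023:10:00:02 +0000] "GET /api/index.php/v1/users HTTP/1.1" 401 120 "-" "curl/8.0"',
    '198.51.100.20 - - [14/Dec/2023:10:00:05 +0000] "GET /index.php?option=com_content&id=12 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '198.51.100.33 - - [14/Dec/2023:10:00:09 +0000] "GET /search?q=1%2527%2520OR%25201%253D1 HTTP/1.1" 500 0 "-" "Mozilla/5.0"',
]

def classify(line):
    """Return (ip, [reasons]) for a suspicious log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Decode twice so double-encoded payloads (%2527 -> %27 -> ') are visible.
    uri = unquote_plus(unquote_plus(m["uri"]))
    reasons = []
    if "sqlmap" in m["ua"].lower():  # default UA only; it is easy to change
        reasons.append("sqlmap-user-agent")
    if SQLI_RE.search(uri):
        reasons.append("sqli-pattern")
    if "/api/index.php/v1/" in uri.lower():  # review-only signal, not proof
        reasons.append("joomla-api-access")
    return (m["ip"], reasons) if reasons else None

def triage(lines):
    """Aggregate the reasons seen per client IP."""
    hits = {}
    for line in lines:
        result = classify(line)
        if result:
            hits.setdefault(result[0], set()).update(result[1])
    return hits

if __name__ == "__main__":
    for ip, reasons in triage(SAMPLE_LOG).items():
        print(ip, sorted(reasons))
```

A hit is a prompt for review rather than proof of compromise: legitimate integrations also call the Joomla API, and an attacker who changes the User-Agent will only show up through the payload patterns.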

As the digital age progresses, organizations must remain vigilant and proactive, understanding that robust cybersecurity is not just a luxury but a necessity. The activities of groups like GambleForce underscore this undeniable truth: in the realm of cyber warfare, attackers are persistent, and so must be the defense.


December 14, 2023
Emerging hacker group GambleForce targets industries across Asia-Pacific with SQL injection attacks, calling for stronger cyber defenses.