Over the past 14 years, researchers from the Malanta platform have uncovered a huge cyber infrastructure that served illegal Indonesian gambling sites and doubled as a hidden network for cybercriminal management and anonymisation.
According to the study, about 328 thousand domains were registered in this network: about 236 thousand purchased domains, 90 thousand hacked sites and about 1.5 thousand hacked subdomains.
Thousands of malicious Android applications, 38 GitHub accounts with web shells and more than 51 thousand stolen credentials were also found. The domains mimicked popular services (Lazada, Envato, eBay, etc.) and were used for phishing, malware distribution, and traffic redirection.
The masking technique is especially dangerous: the attackers installed NGINX reverse proxies on hacked government and corporate subdomains. These proxies terminated the HTTPS sessions themselves (TLS termination) and transparently forwarded the traffic on to attacker-controlled servers, which allowed them to steal cookies, swap out pages and hide command-and-control (C2) traffic under the guise of legitimate traffic to a trusted subdomain.
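To show how a defender might spot the hijacked-subdomain proxies described above, here is an added example (not from the Malanta study): it takes constructed probe results for an organisation's own subdomains and flags resolution outside the expected hosting range, an unexpected certificate issuer, an NGINX server header where the baseline is something else, and redirects off-domain. All hosts, address ranges and issuer names are hypothetical.

```python
"""Flag subdomains that look like hijacked TLS-terminating proxies.

Added example; every baseline value and probe record below is constructed.
"""
import ipaddress
from dataclasses import dataclass

# Hypothetical baseline for one organisation (constructed values).
EXPECTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # our hosting range
EXPECTED_ISSUERS = {"Example Corporate CA"}              # CAs we actually use
EXPECTED_SERVER = "Apache"                                # our normal web server
OWN_DOMAIN = "example.gov.example"                        # our apex domain


@dataclass
class Probe:
    host: str
    ip: str            # what the subdomain resolved to
    cert_issuer: str   # issuer of the TLS certificate presented
    server_header: str # HTTP Server header returned
    final_url: str     # where an HTTP GET ended after following redirects


def hostname_of(url: str) -> str:
    """Extract the hostname from a URL without a full parser."""
    return url.split("//", 1)[-1].split("/", 1)[0].lower()


def assess(p: Probe) -> list[str]:
    """Return the reasons a probe looks suspicious (empty list = clean)."""
    reasons = []
    addr = ipaddress.ip_address(p.ip)
    if not any(addr in net for net in EXPECTED_NETS):
        reasons.append("resolves outside expected hosting range")
    if p.cert_issuer not in EXPECTED_ISSUERS:
        reasons.append(f"unexpected certificate issuer: {p.cert_issuer}")
    if p.server_header.lower().startswith("nginx") and EXPECTED_SERVER.lower() != "nginx":
        reasons.append(f"server header is nginx where baseline is {EXPECTED_SERVER}")
    dest = hostname_of(p.final_url)
    if not (dest == OWN_DOMAIN or dest.endswith("." + OWN_DOMAIN)):
        reasons.append(f"redirects off-domain to {dest}")
    return reasons


def triage(probes: list[Probe]) -> dict[str, list[str]]:
    """Map each suspicious host to its reasons; clean hosts are omitted."""
    return {p.host: r for p in probes if (r := assess(p))}


SAMPLE_PROBES = [  # constructed records: one healthy host, one hijacked-looking host
    Probe("www.example.gov.example", "203.0.113.10", "Example Corporate CA",
          "Apache", "https://www.example.gov.example/"),
    Probe("old-portal.example.gov.example", "198.51.100.7", "Free Public CA",
          "nginx/1.18.0", "https://lazada-promo.example.net/login"),
]
```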
The authors note that in scale, automation and operational consistency, the network looks more like the work of an advanced, possibly state-level group than a random set of scammers.