You can bet that nobody saw this coming, except perhaps the house. A cyber attack campaign originating from China has been relentlessly targeting the Southeast Asian gambling sector. It’s no high roll of the dice, but rather a calculated risk to deploy Cobalt Strike beacons on compromised systems. Now that’s a bad hand if I’ve ever seen one.
But who’s dealing this rotten hand? Well, according to the cyber sleuths at SentinelOne, the way the attackers are playing the game gives away hints about the perpetrator. The TTPs (tactics, techniques and procedures) point toward a threat actor tracked as Bronze Starlight. The group isn’t winning any popularity contests in the cyber world, but it sure does have a knack for causing trouble.
Bronze Starlight, also known as Emperor Dragonfly or Storm-0401, seems to have a liking for shorter-lived domains. It’s like a game of hide and seek, but with dangerous cyberattack tools in place of the usual neighborhood kids. Definitely not the kind of playdate we were hoping for.
In a nutshell, or should we say, in a poker chip, the Southeast Asian gambling sector has found itself in the crosshairs of an ongoing cyber attack from China. The main thrust of the attack involves deploying Cobalt Strike beacons on infiltrated systems. The tactics used suggest that this is the handiwork of Bronze Starlight, a cyberthreat actor famous for its use of short-lived domains. Clearly, this is one game where we’re all hoping the house wins.
Original Article: https://thehackernews.com/2023/08/china-linked-bronze-starlight-group.html