China's Ministry of State Security Accused of Hacking Online Gaming Websites

China's Ministry of State Security suspected of hacking into online gambling platforms and other entities like governments.

Xi Jinping, China’s president, participates in a session on the opening day of the Eastern Economic Forum in Vladivostok, Russia in 2018. He’s leading a country that actively supports hackers infiltrating governments and online gaming sites.

Someone might be spying on your gaming sessions when you log onto an online casino. A recent study discovered that governments, telecom companies, and online gambling operators in at least 17 nations have suffered cyberattacks. These were allegedly carried out by hackers linked to China’s Ministry of State Security, a reportedly civilian intelligence agency, starting in 2021.

The team at Insikt Group, a threat research division of global threat analysis firm Recorded Future, has been investigating RedHotel, an advanced cyber-espionage group believed to be backed by China. This group is infamous for orchestrating numerous complex malware attacks and spying operations targeting various countries in Southeast Asia and Asia.

The Insikt Group discovered a network spanning numerous countries, including Afghanistan, Bangladesh, Cambodia, Hong Kong, India, Malaysia, Palestine, the Philippines, Taiwan, the United States, and Vietnam. The hackers mainly aimed their attacks at significant political institutions, but it seems online gambling platforms were given the same level of attention.

A Global Threat No One Notices

Recorded Future's Jon Condra, who leads the organization's Strategic and Persistent Threats team and co-wrote the report, emphasized RedHotel's significant role as a strong advocate for the Chinese state. Their support extends to multiple organizations worldwide and encompasses various industries. Both Microsoft and SecureWorks monitor the group.

Their list of alleged victims includes pro-democracy organizations in Hong Kong, research institutions in Taiwan, religious minorities, and online gaming companies. Condra notes that RedHotel hacked into an unidentified U.S. state government in 2022 and regularly conducts “intelligence gathering in conjunction with economic espionage.”

Condra adds that the group is most likely based in the Chinese city of Chengdu and is just one of several groups the Chinese government supports. These efforts are designed to bolster China's military capabilities and reinforce its economic dominance.

Governments in Southeast Asia face a significant risk from the group. However, RedHotel is reportedly shifting its focus toward other sectors such as education, aviation, media, communications, and research and development.

Researchers claim that the group's primary goal is to collect information and engage in financial spying. They indicate that other organizations have been conducting investigations into the group's cyberattacks since 2019.

In addition to trying to access legislative bodies in the U.S., the group has previously targeted entities involved in scientific research on COVID-19. Condra describes RedHotel as "one of the most active and prolific Chinese state-sponsored groups that Recorded Future tracks, and they target organizations globally across a wide range of industry verticals."

How RedHotel Operates

According to Recorded Future, Chengdu has emerged as a central hub for China’s APT initiatives. The groups reportedly have connections with Chinese businessmen and local universities to help further their cause.

Based on historical patterns, we anticipate RedHotel to continue these actions without interruption, as the group has demonstrated a high risk tolerance even in the face of public industry reporting.

Chinese hackers typically use a variety of malware in their attacks, including well-known types of software that cybersecurity experts have already recognized. They also employ custom malware that can be more challenging to track.

RedHotel first tries to identify a victim who is vulnerable to an attack. For years, according to Recorded Future, it used malware that Windows systems considered a legitimate Microsoft troubleshooting product.

Once it gains access, the malware begins to retrieve data and sends it to the group. The software remains on the system, continuously collecting information, even “for months or even years after public reporting.”

Recent reports suggest that government infrastructures may already have been compromised. The New York Times reported that Chinese malware was found on "critical" military systems. The Washington Post revealed that China has infiltrated the "highest levels" of the Japanese government.
