Chinese Hackers Targeting SEA Gambling Industry Using Known Valid Certificate

The China-linked APT group named 'Bronze Starlight' targeted the Southeast Asian gambling industry with malware using a legitimate certificate from Ivacy VPN provider. This valid certificate helps them avoid suspicion, bypass security, and appear as legitimate software. SentinelLabs found that the certificate is owned by PMG PTE LTD, a Singaporean vendor of 'Ivacy VPN.' These cyberattacks in March 2023 are likely part of 'Operation ChattyGoblin,' previously identified by ESET in a report spanning Q4 2022 to Q1 2023. However, due to tool-sharing among Chinese threat actors, specific attribution is difficult, as noted by SentinelLabs. Read more...