Group-IB has reported a newly discovered threat actor, dubbed "GambleForce," that has reportedly been active since September 2023.
Reportedly, the actor attempted 24 attacks, of which six were successful, against travel businesses in Australia and Indonesia, an Indonesian retail company, a South Korean gambling business, and the Philippines government.
According to the Group-IB analysis, the actor displays low sophistication, using SQL injection to exfiltrate data. Its primary interest appears to be the gambling industry.
At the moment, the GambleForce infrastructure has been taken down by Group-IB. However, the actor may rebuild its capabilities.