Updated on 2022-10-21
Kaspersky’s GReAT team has published a report this week on DiceyF, an advanced persistent threat actor that has been targeting online casinos and their dev environments across Southeast Asia.
“Our research shows overlap with LuckyStar PlugX, a supply chain incident privately reported. TTPs, secure messaging client abuse, malware, and targeting demonstrate that this set of activity and resources align with Earth Berberoka/GamblingPuppet activity discussed at Botconf 2022 by Trend Micro researchers, also discussed as an unknown or developing cluster by other vendors. Prior to “Operation Earth Berberoka,” Trend Micro reported on “Operation DRBControl,” which also aligns with this activity and resource set.”
Kaspersky spotted the DiceyF hacking group dropping a malicious attack framework, dubbed GamePlayerFramework, against online casinos in Southeast Asia, since at least November 2021. Read more: DiceyF deploys GamePlayerFramework in online casino development studio