(Credit: René Ramos; FabrikaSimf/Shutterstock.com)
LAS VEGAS—Threat intelligence firm Infoblox has uncovered a money laundering and human trafficking network operating throughout Southeast Asia via online gambling sites.
Infoblox presenters here at Black Hat said they established a link between a well-known gambling site catering to Asian users and Yabo Sports.
The betting platform shuttered in 2022 following a scandal that saw it sign sponsorship deals with French, Spanish, and other European football teams to establish legitimacy with gamblers. But Infoblox claims the mysterious network that used to run Yabo Sports also runs several other gambling websites that are part of a criminal enterprise targeting Chinese victims.
Infoblox made the connection by looking at domain nameserver information. The websites, along with several other betting platforms, were all developed by the same group, which Infoblox is calling "Vigorish Viper."
Viper's tech suite is as interesting as it is nefarious. Senior Threat Researcher Maël Le Touz showed that Viper uses DNS-based traffic distribution systems (TDS), which are good at detecting curious security personnel sniffing around the sites or anyone who isn't from China. The TDS even detected and filtered VPN activity in Infobox's tests.
Forced Labor Behind Gambling Sites
Dr. Renée Burton, VP of threat intelligence at Infoblox, said the group offers jobs or other incentives to Chinese residents of Southeast Asia.
"They want native Chinese people to pull in other Chinese victims," said Burton. "They pull them in with an offer of a job, kidnap them, take passports, and put them to work."
The work the victims do involves running online enterprises, which include web hosting, payment processing, mobile apps, and live chat functions for gambling websites. "For example, human trafficking victims in forced labor camps linked to Yabo on the Cambodia–Laos border must 'staff' gambling operations and run so-called pig butchering scams," Infoblox said in a recent report.
Gambling is largely illegal in China, but citizens bet nearly $850 billion each year, Infoblox notes.
The criminal activity described by the Infoblox researchers at Black Hat is yet another incident in a growing list of major cybercrime cases in East and Southeast Asian countries. "The full scope of crimes by Vigorish Viper (and, by implication, Yabo) is unknown to us," Infoblox says.
According to a January report from the United Nations, "the development of scalable and digitized solutions has supercharged the criminal business environment across Southeast Asia." The internet makes it incredibly easy for criminal groups to use a variety of tools to track and target new users, reel them in with promises of quick cash or entertainment, and then drain them of their funds using illegal gambling operations or mobile apps that function more like spyware. If it sounds too good to be true, it probably is.