A new threat campaign known as “ChattyGoblin” has been found targeting Southeast Asian gambling operations through the use of chatbots. According to researchers at ESET, a cybersecurity company, the campaign began in October 2021, targeting customer support agents with chatbots. ESET traced the campaign back to threat groups backed by China. ChattyGoblin’s primary weapons of choice include chat applications like Comm100 and LiveHelp.
In March of this year, ESET discovered a particular ChattyGoblin attack against a gambling company in the Philippines. The initial dropper deployed by the attackers was named “agentupdate_plugins.exe,” written in C#. The dropper deployed a second C# executable based on the SharpUnhooker tool. The SharpUnhooker tool then downloaded the ChattyGoblin attack’s second stage, stored in a passreplace-protected ZIP archive. The final payload was a Cobalt Strike beacon using duckducklive[.]top as its C&C server.
The use of chatbots to target customer support agents is a new tactic in cyberattacks, making ChattyGoblin a concerning threat. The chatbots are used to infiltrate a victim’s network, steal sensitive data and user credentials, and ultimately gain access to other systems, allowing attackers to cause significant damage to targeted organizations.
ChattyGoblin’s target industries, the Southeast Asian casinos, are notorious for their cyber vulnerabilities. These casinos regularly handle large volumes of customer data, including financial and personal information. They are also among the most lucrative industries in their respective regions, making them prime targets for cybercriminals and nation-state threat actors.
Moreover, chat applications like Comm100 and LiveHelp are commonly used by e-commerce businesses and other online marketplaces, posing a risk that extends beyond the gambling industry. Therefore, it is essential that businesses using these chat applications harden their defenses against attacks that employ chatbots.
In conclusion, the rise of ChattyGoblin and its targeting of Southeast Asian casinos should serve as a wake-up call to organizations globally. Companies must allocate more resources to improve their digital security posture and stay ahead of these sophisticated cyberattacks. This may involve investing in tools such as artificial intelligence-based threat detection and prevention software and increasing employee awareness of cybersecurity risks. By taking proactive measures, organizations can better protect themselves from potential cyber threats and ensure that they can continue to operate securely and efficiently.
<< photo by Hatice Baran >>
You might want to read !
- “PrivateGPT: An AI Solution for Secure Chatting in ChatGPT Platform”
- “Hackers to Push AI to its Limits in Upcoming Mass Event”
- Former Ubiquiti Employee Sentenced to Prison for Posing as a Hacker in High-Stakes Cybersecurity Scheme
- A Call for Age Verification: A Clash Between Privacy and Industry Standards
- Data Privacy Concerns Prompt Companies to Improve Deletion Practices