"Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry"

Since at least September 2022, a new attack campaign has been targeting the gaming and gambling industries. The cybersecurity firm Security Joes is tracking the activity cluster under the name "Ice Breaker" and says the attacks use social engineering to install a JavaScript backdoor. The threat actor poses as a customer and opens a chat with a gaming company's support agent under the guise of having trouble with account registration. The attacker then asks the agent to open a screenshot image hosted on Dropbox.

The screenshot link supplied in the chat instead retrieves an LNK payload or a VBScript file. The LNK payload is configured to download and execute an MSI package containing a Node.js implant. The JavaScript file has all the features of a typical backdoor, allowing the threat actor to enumerate running processes, steal passwords and cookies, exfiltrate arbitrary files, take screenshots, execute VBScript imported from a remote server, and launch a reverse proxy on the compromised host. This article continues to discuss findings regarding the Ice Breaker cyberattacks.

THN reports "Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry"
