"Operation ChattyGoblin: Hackers Targeting Gambling Firms via Chat Apps"

In a campaign that has been ongoing since October 2021, a China-aligned threat actor has targeted a gambling company in the Philippines. The cybersecurity company ESET is tracking the attacks against Southeast Asian gambling companies under the name Operation ChattyGoblin. According to ESET, these attacks target the support agents of victim companies via chat applications, specifically the Comm100 and LiveHelp100 apps. CrowdStrike first documented the use of a trojanized Comm100 installer to deliver malware in October 2022 and attributed that supply chain compromise to a potentially China-linked threat actor. The attack chains use the chat applications to deliver a C# dropper, which in turn deploys a second C# executable that ultimately serves as a conduit to drop a Cobalt Strike beacon on compromised workstations. ESET's APT Activity Report Q4 2022–Q1 2023 also highlights attacks against South Asian government institutions by the India-linked threat actors Donot Team and SideWinder. This article continues to discuss researchers' findings regarding Operation ChattyGoblin.

THN reports "Operation ChattyGoblin: Hackers Targeting Gambling Firms via Chat Apps"

Submitted by Anonymous on