Cybersecurity Experts Warn of Cyberattacks Called 'Ice Breaker' Targeting Gambling And Gaming Industry

A new attack campaign has been targeting the gaming and gambling industries since at least September 2022. This news emerged just months before the ICE London 2023 gaming industry trade fair, which is set for next week. Security Joes, an Israeli cybersecurity firm, is monitoring the activity cluster known as Ice Breaker and says the breaches use sophisticated social engineering techniques to implant a JavaScript backdoor.

The attack unfolds in the following order: posing as a customer, the threat actor starts a chat with a service representative of a gaming website and asks that person to open a screenshot image hosted on Dropbox. Security Joes stated that the threat actor is “well-aware of the fact that the customer service is human-operated.”

Clicking the malicious link in the conversation retrieves either an LNK payload or, as a backup option, a VBScript file. The LNK file is set up to download and run an MSI package containing a Node.js implant. The JavaScript file has all the features of a typical backdoor, giving the threat actor the ability to list active processes, steal passwords and cookies, exfiltrate arbitrary files, take screenshots, execute VBScript imported from a remote server, and even open a reverse proxy on the victim computer.
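A support desk can check what a "screenshot" link actually delivered before an agent opens it. The following is an added example, not code from Security Joes or the original article: it classifies a downloaded file by content signature and extension, and its verdict names, extension list, size cap and ZIP handling are assumptions that go beyond the LNK and VBScript cases described above.

```python
import io
import zipfile

# Well-known file signatures (magic bytes).
IMAGE_MAGIC = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF87a", b"GIF89a")
# Shell Link (.lnk) header: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # compound file container used by .msi
# Extensions Windows runs or interprets on double-click (assumed list, not exhaustive).
RISKY_EXT = (".lnk", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".msi", ".exe", ".scr")
MAX_MEMBER = 20 * 1024 * 1024  # assumed cap on a member's declared size


def classify(name, data, depth=0):
    """Return (verdict, reason) for a file presented to an agent as a screenshot."""
    if data.startswith(LNK_MAGIC):
        return "block", "Windows shortcut (LNK) content"
    if data.startswith(OLE_MAGIC):
        return "block", "OLE compound file (MSI or similar)"
    if name.lower().endswith(RISKY_EXT):
        return "block", "script or executable extension"
    if data.startswith(b"PK\x03\x04"):
        return _classify_zip(data, depth)
    if data.startswith(IMAGE_MAGIC):
        return "allow", "image content"
    return "review", "not a recognised image"


def _classify_zip(data, depth):
    """Apply classify() to every member; one level of nesting only."""
    if depth >= 1:
        return "review", "nested archive"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if info.file_size > MAX_MEMBER:
                    return "review", f"oversized member {info.filename!r}"
                verdict, reason = classify(info.filename, zf.read(info), depth + 1)
                if verdict != "allow":
                    return verdict, f"{info.filename!r}: {reason}"
    except (zipfile.BadZipFile, RuntimeError):  # RuntimeError: encrypted member
        return "review", "unreadable or encrypted archive"
    return "allow", "archive holds only images"


if __name__ == "__main__":
    # Constructed sample: LNK header bytes behind an image-looking name.
    print(classify("screenshot.png", LNK_MAGIC + bytes(56)))
```

Content signatures are checked before the file name, so a shortcut renamed to look like an image is still blocked.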

If the victim uses the VBS downloader, the infection ends with the deployment of Houdini, a VBS-based remote access trojan dating from 2013. Although the threat actors' origins are still unclear, they have been observed speaking with customer service representatives in poor English. MalwareHunterTeam previously disclosed certain indicators of compromise (IoCs) related to the campaign in October 2022.

Felipe Duarte, a senior threat researcher at Security Joes, noted that this is a very powerful attack vector for the gambling and gaming industries. Dissecting the never-before-seen compiled JavaScript second-stage malware reveals that we are dealing with a sophisticated threat actor who may be supported by an interest owner.

About the author

Yehudah Sunshine

Bringing together his diverse professional cyber know-how, intellectual fascination with history and culture, and eclectic academic background focusing on diplomacy and the cultures of Central Asia, Yehudah Sunshine keenly blends his deep understanding of the global tech ecosystem with a nuanced worldview of the underlying socio-economic and political forces which drive policy and impact innovation in the cyber sectors. Yehudah's current work focuses on how to create opportunities, enhance marketing strategies and elevate cyber-driven thought leadership for cyfluencer (www.cyfluencer.com), the cybersecurity thought leadership platform. Sunshine has written and researched extensively within cybersecurity, the service sectors, international criminal accountability, Israel's economy, Israeli diplomatic inroads, Israeli innovation and technology, and Chinese economic policy.