The latest news from the Casino world!
The latest news from the Casino world!
Gambling club casino news cybersecurity apt41 attack online casinos

Online Casinos at risk: Cyberattack by APT41

22 Oct 2024 • Reading time: 2 minutes

The online gambling industry, already heavily regulated, is facing a new threat: cyberattacks. Specifically, the Chinese hacking group APT41, known for its espionage and cybercrime operations, has targeted several online casinos around the world.

“Over a period of at least six months, the attackers stealthily collected valuable information from the targeted company, including but not limited to network configurations, user passwords, and LSASS process secrets.”

Ido Naor, co-founder and CEO of Israeli cybersecurity firm Security Joes

This intrusion allowed APT41 to penetrate deep into its victims’ systems.

A methodical attack

Security Joes described APT41 as both “highly skilled and methodical.” They highlighted their ability to launch espionage attacks as well as poison the supply chain, enabling intellectual property theft. Their intrusions were clearly motivated by financial motives such as ransomware and cryptocurrency mining.

The initial access vector used in this attack is currently unknown, but evidence suggests it may have been spearphishing emails.

Once inside the network, the attackers executed, among other things, a DCSync attack, aimed at harvesting password hashes of service and administrator accounts to extend their access.

Over time, the attackers adapted their toolkit to bypass the measures taken against them and escalate their privileges. Their goal was to collect critical information and establish covert channels for persistent remote access. The stolen data was exfiltrated to servers controlled by the hackers.

The attack, which targeted one of Security Joes’ clients, lasted nearly nine months and shares similarities with a series of intrusions tracked by cybersecurity vendor Sophos under the name Operation Crimson Palace.

Far-reaching consequences

The consequences of these attacks are multiple and serious. For online casinos, they can result in significant financial losses, reputational damage, and legal action. For players, the risk of identity theft and financial loss is real. In addition, these attacks can impact consumer confidence in online gaming.

“These attacks depend on state-sponsored decision-makers. This time, we suspect with high confidence that APT41 was seeking financial gain.”

Ido Naor

This statement suggests that APT41’s motivations go beyond industrial espionage and may include a financial component.

 | 

Caroline specializes in the casino industry, where she combines a deep knowledge of the gaming sector in France with a passion for digital innovations. She explores the changes that are revolutionizing this industry, from the integration of artificial intelligence in the user experience and data analysis to blockchain technologies that strengthen the security and transparency of transactions. Curious and committed, she is particularly interested in responsible gaming solutions and new regulations, addressing topics as varied as player protection, risky behavior management, and the importance of ethical practices.

Through her in-depth and accessible articles, Caroline allows readers to better understand the trends, innovations and challenges of a constantly changing industry. She takes care to demystify new technologies and to make the link between technical advances and their concrete implications for players and operators. Her goal? To offer an informed and balanced vision of a sector in full transition, between tradition and modernity, while contributing to a dialogue around more responsible and secure gaming.

Recommended

Entain case: the British courts uphold the confidentiality of documents

On 13 May 2025, the UK High Court granted Entain, the online betting giant and owner of Ladbrokes and Coral, permission to keep confidential its defence documents in a court case brought by its former directors, Kenny Alexander and Lee Feldman. The decision prevents public access to Entain’s legal responses to allegations of corruption relating to its former Turkish subsidiary.

PointsBet: spam is expensive

Online betting provider PointsBet Australia Pty Ltd has been fined AU$500,800 (approximately €285,000) for breaching Australia’s spam and self-exclusion laws.

Cruks fails: players hit by new glitch

The Cruks register, designed to protect people from gambling addiction, faced technical problems again yesterday. Players could not register or exclude themselves from participating in online gambling.