- Infoblox has exposed Vigorish Viper, a Chinese cybercrime
syndicate using sophisticated technology to take advantage of the
US$1.7 trillion illegal gambling economy, with links to money laundering
and human trafficking operations across Southeast Asia
- Research reveals that Vigorish Viper has been central to the
sponsorship controversy surrounding several European football
clubs, including clubs in the English Premier League
- Vigorish Viper was formed under and controlled by Yabo
Group, an infamous and elusive company tied to human trafficking
and large-scale cybercrime operations across Southeast Asia
- Infoblox's unique approach to threat intelligence based in
DNS research led to the discovery and exposure of how Vigorish
Viper operates, including their operational platform, traffic
distribution systems, encrypted communications and custom
apps
SANTA CLARA, Calif., July 22, 2024 /PRNewswire/ -- Infoblox Inc., a leader in cloud
networking and security services, today announced a significant
breakthrough in cybercrime investigation with the unmasking of a
threat actor that the company has named "Vigorish Viper." Vigorish
Viper is a Chinese organized crime syndicate that utilizes a
sophisticated technology suite to take advantage of the global
$1.7 trillion illegal sports
gambling economy, with links to
money laundering and human trafficking operations across
Asia. This Infoblox discovery
marks a significant milestone in the ongoing battle against global
cybercrime using DNS intelligence.
![The relationship between Vigorish Viper, kb[.]com, and known sanctioned entities](https://mma.prnewswire.com/media/2465404/Infoblox_relationship_vigorish_and_other_entities.jpg)
"Vigorish Viper represents one of the most sophisticated and
important threats to digital security that we have discovered to
date," said Dr. Renée Burton, Vice President, Infoblox Threat
Intel. "Infoblox Threat Intel used cutting-edge DNS research to
discover the technologies underpinning the syndicate. Vigorish
Viper created a complex infrastructure with multiple layers of
traffic distribution systems (TDSs) using DNS CNAME records and
JavaScript, which makes it incredibly difficult to detect. These
systems are complemented by their own encrypted communications and
custom-developed applications, making their activities not only
elusive but also remarkably resilient."
Vigorish Viper is a name derived from the gambling world's exorbitant fees levied on unlucky
bettors. The term vigorish, or vig for short, is used by organized
crime syndicates to refer to these fees. Viper refers to the
complex combination of TDSs and convoluted brand relationships that
the actor employs to route users to content. Vigorish Viper
leverages sponsorship of popular European sports teams to advertise
for their illegal gambling sites,
which primarily target Greater
China.
Dr. Renée Burton added, "This work is particularly important
because it connects the physical crimes of human trafficking, money
laundering, and fraud, to online
crime in a way that hasn't been done before. We can now see that
organized crime is executing a cunning strategy that uses unwitting
European clubs to fuel their criminal cycle."
The research report from Infoblox details the discovery of
Vigorish Viper, how it operates from a technical perspective, its
ties to organized crime, and its role in the European football
sponsorship scandals. Key findings include:
- Sophisticated Tech Suite: Vigorish Viper's technology
suite is a comprehensive cybercrime supply chain, encompassing
software, DNS configurations, website hosting, payment systems, and
mobile apps.
- Criminal Connections: The technology was developed by
the notorious Yabo Group (also known as Yabo Sports or Yabo) prior to its reported
dissolution in 2022. The Yabo Group has been linked to controversy
in Europe surrounding the use of
certain football club sponsorships, including several in the
English Premier League such as Manchester United, to illegally
advertise unregulated gambling sites
in Asia. The Asian Racing
Federation (ARF) Council on Anti-Illegal Betting and Related Financial Crime identified Yabo as
"possibly the biggest illegal gambling operation targeting Greater China" and directly tied it to
practices of modern slavery in which victims are forced to support
gambling services.
- Elusive Operations & DNS Knowledge: Vigorish Viper
operates a vast network of over 170,000 active domain names,
evading detection and law enforcement through its sophisticated use
of DNS CNAME traffic distribution systems.
- European Sponsorship Controversy: The network is
implicated in a scheme that involves securing European football
club sponsorships on screens during games, or on player jerseys for
example, to advertise illegal gambling sites in Southeast
Asia, exploiting the clubs' popularity to attract
bettors.
- Interconnected Threats: Tens of seemingly unrelated
gambling brands that advertise by
way of sponsorship deals with certain European sports teams use
Vigorish Viper technology. While these brands appear distinct, they
operate more like the branches of a franchise, further highlighting
the importance of a holistic view on such threats that only DNS
brings to the table.
"DNS analytics led to the discovery of Vigorish Viper and
constitutes the best mechanism for tracking the actor's
infrastructure. Stopping Vigorish Viper is also most effective via
DNS because the actor changes rapidly," added Burton.
Adding to the gravity of the situation, despite gambling being almost completely illegal in
Greater China, it is estimated
that citizens in the region bet nearly US$850 billion annually. This staggering figure
underscores the scale and complexity of Vigorish Viper's
operations, with significant implications for global
cybercrime.
Details on this threat actor can be found in Infoblox Threat
Intel's latest research report here.
"Infoblox remains committed to providing actionable intelligence
to expose threat actors leveraging DNS for their operations,"
Burton emphasized. "Our ongoing tracking and exposure of threat
actors demonstrates the critical role DNS plays in combating
sophisticated cyber threats, and underscores the industry's need
for continued innovation in DNS and cybersecurity
technologies."
Under the leadership of Dr. Renée Burton, Infoblox Threat Intel
has become a proud originator of DNS-based threat intelligence.
Infoblox Threat Intel's researchers use a unique approach that
combines a profound understanding of DNS data, data science,
machine learning, artificial intelligence, and reverse engineering.
This potent mix of skills and expertise enables Infoblox Threat
Intel to generate robust threat intelligence, fortifying Infoblox's
Threat Defense solutions. Learn more about Infoblox Threat Intel
and explore how its research is shaping the future of cybersecurity
by visiting https://www.infoblox.com/threat-intel/.
About Infoblox
Infoblox unites networking and security
to deliver unmatched performance and protection. Trusted by Fortune
100 companies and emerging innovators, we provide real-time
visibility and control over who and what connects to your network,
so your organization runs faster and stops threats earlier. Visit
infoblox.com, or follow us on LinkedIn or X.
SOURCE Infoblox Inc.