John Jordan

Chinese Cybercrime Network Exposed: Gambling and Human Trafficking Unveiled

A sophisticated Chinese cybercrime network, known as Vigorish Viper, has been uncovered, revealing its involvement in illegal gambling, human trafficking, and money laundering across Southeast Asia. The network uses advanced technology to evade detection and has ties to numerous sports sponsorships and online scams.


Key Takeaways

  • Vigorish Viper is linked to illegal gambling, human trafficking, and money laundering.

  • The network uses advanced DNS configurations and encrypted communications to evade detection.

  • It has ties to numerous sports sponsorships and online scams.

  • The network operates over 170,000 active domain names.

The Network's Operations

Vigorish Viper, developed by the Yabo Group (now rebranded as Kaiyun Sports and absorbed into Ponymuah), uses a comprehensive technology suite marketed in China as "baowang" ("full package"). This suite includes DNS configurations, website hosting, payment mechanisms, advertising, and mobile apps. The network hosts thousands of domain names and numerous brands, primarily tied to Hong Kong and China.

Sports Sponsorships and Advertising

The network secures European football club sponsorships using front companies or white label brands to advertise illegal gambling sites. Betting company logos have appeared up to 3,500 times during televised football matches. The investigation also revealed similar sponsorship agreements with cricket and kabaddi teams in India.

Advanced Evasion Techniques

Vigorish Viper operates a vast network of over 170,000 active domain names, using sophisticated DNS CNAME traffic distribution systems to evade detection. These systems redirect traffic from one domain to another and differentiate between residential, mobile, and commercial IP addresses in China. The network also uses encrypted communications and custom-developed applications to remain elusive and resilient.
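From the defender's side, CNAME-based traffic distribution leaves a measurable trace: many unrelated-looking entry domains whose CNAME chains end at the same target. The sketch below is an added example, not code from the article or from Infoblox. The passive-DNS records, all domain names, and the fan-in threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed passive-DNS CNAME observations (owner -> target); all names are placeholders.
SAMPLE_CNAMES = [
    ("bet-a.example", "r1.tds-hub.example"),
    ("bet-b.example", "r1.tds-hub.example"),
    ("bet-c.example", "r2.tds-hub.example"),
    ("r1.tds-hub.example", "edge.tds-core.example"),
    ("r2.tds-hub.example", "edge.tds-core.example"),
    ("shop.example", "shop.cdn-vendor.example"),
    ("loop-a.example", "loop-b.example"),
    ("loop-b.example", "loop-a.example"),
]

def build_map(records):
    """Normalise names (case, trailing dot) into an owner -> CNAME target map."""
    return {o.lower().rstrip("."): t.lower().rstrip(".") for o, t in records}

def resolve_chain(name, cmap, max_depth=10):
    """Follow CNAMEs from name; return (chain, looped). Stops on loops or max_depth."""
    chain, seen = [name], {name}
    while chain[-1] in cmap and len(chain) <= max_depth:
        nxt = cmap[chain[-1]]
        if nxt in seen:
            return chain, True
        chain.append(nxt)
        seen.add(nxt)
    return chain, False

def cluster_by_terminal(records, min_fan_in=3):
    """Group entry domains by the final CNAME target; keep high fan-in clusters."""
    cmap = build_map(records)
    intermediates = set(cmap.values())
    clusters = defaultdict(set)
    for owner in cmap:
        if owner in intermediates:
            continue  # a hop inside a chain, not an entry domain
        chain, looped = resolve_chain(owner, cmap)
        if not looped and len(chain) >= 2:
            clusters[chain[-1]].add(owner)
    # min_fan_in is an assumed threshold; tune it against known-benign CDN targets.
    return {t: sorted(d) for t, d in clusters.items() if len(d) >= min_fan_in}

if __name__ == "__main__":
    for target, domains in cluster_by_terminal(SAMPLE_CNAMES).items():
        print(f"{target}: {len(domains)} entry domains -> {domains}")
```

Legitimate CDNs and hosting providers also produce high fan-in, so a cluster is a lead for review against an allowlist and registration data, not a verdict.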

Offline Crimes and Human Trafficking

The network's online crimes have an offline aspect involving human trafficking. Individuals are lured with promises of high-paying jobs and coerced into supporting sports betting schemes and promoting cryptocurrency scams. Teams coordinate with commentators and broadcasters of live sports to promote betting websites during games.

Investigation and Findings

Infoblox's investigation into Vigorish Viper began with a single anomalous domain, kb[.]com, a gambling site named KB Sports that uses Chinese nameservers. The site is geo-blocked to users in France and elsewhere in Europe but accessible from mainland China and Hong Kong. Users are redirected to different domains over time, and the site disables right-click functionality and text selection to hinder investigations.

Global Reach and Defense Mechanisms

Vigorish Viper's activities target users worldwide, with defense mechanisms such as CAPTCHA puzzles and fingerprinting checks to validate IP addresses. The network's reach extends to dozens of brands and targets users beyond Southeast Asia. Despite its massive presence, Vigorish Viper operates openly in the PRC without significant consequences.
