- Infoblox has exposed Vigorish Viper, a Chinese cybercrime syndicate using sophisticated technology to take advantage of the AU$2.5 trillion illegal gambling economy, with links to money laundering and human trafficking operations across Southeast Asia
- Research reveals that Vigorish Viper has been central to the sponsorship controversy surrounding several European football clubs, including clubs in the English Premier League
- Vigorish Viper was formed under and controlled by Yabo Group, an infamous and elusive company tied to human trafficking and large-scale cybercrime operations across Southeast Asia
- Infoblox’s unique approach to threat intelligence based in DNS research led to the discovery and exposure of how Vigorish Viper operates, including their operational platform, traffic distribution systems, encrypted communications and custom apps

Sydney, Australia, July 23,
2024 – Infoblox Inc., a leader
in cloud networking and security services, today announced a
significant breakthrough in cybercrime investigation with
the unmasking of a threat actor that the company has named
“Vigorish Viper.” Vigorish Viper is a Chinese organised
crime syndicate that utilizes a sophisticated technology
suite to take advantage of the global $2.5 trillion illegal
sports gambling economy, with links to money laundering and
human trafficking operations across Asia. This Infoblox
discovery marks a significant milestone in the ongoing
battle against global cybercrime using DNS
intelligence.
“Vigorish
Viper represents one of the most sophisticated and
important threats to digital security that we have
discovered to date,” said Dr. Renée Burton, Vice
President, Infoblox Threat Intel. “Infoblox Threat Intel
used cutting-edge DNS research to discover the technologies
underpinning the syndicate. Vigorish Viper created a complex
infrastructure with multiple layers of traffic distribution
systems (TDSs) using DNS CNAME records and JavaScript, which
makes it incredibly difficult to detect. These systems are
complemented by their own encrypted communications and
custom-developed applications, making their activities not
only elusive but also remarkably
resilient.”
Vigorish Viper is a name derived from
the gambling world’s exorbitant fees levied on unlucky
bettors. The term vigorish, or vig for short, is used by
organised crime syndicates to refer to these fees. Viper
refers to the complex combination of TDSs and convoluted
brand relationships that the actor employs to route users to
content. Vigorish Viper leverages sponsorship of popular
European sports teams to advertise for their illegal
gambling sites, which primarily target Greater
China.
Dr. Renée Burton added, “This work is
particularly important because it connects the physical
crimes of human trafficking, money laundering, and fraud, to
online crime in a way that hasn’t been done before. We can
now see that organised crime is executing a cunning strategy
that uses unwitting European clubs to fuel their criminal
cycle.”
![](https://bluestonewma.com/wp-content/uploads/2024/07/infoblox-exposes-chinese-cybercrime-syndicate-taking-advantage-of-the-au2-5-trillion-illegal-gambling-economy.jpg)
Relationship between Vigorish Viper, kb[.]com, and known
sanctioned entities. Source: Infoblox – “Vigorish Viper: A
Venomous Bet”
The research
report from Infoblox details the discovery of Vigorish
Viper, how it operates from a technical perspective, its
ties to organized crime, and its role in the European
football sponsorship scandals. Key findings
include:
- Sophisticated Tech Suite: Vigorish Viper’s technology suite is a comprehensive cybercrime supply chain, encompassing software, DNS configurations, website hosting, payment systems, and mobile apps.
- Criminal Connections: The technology was developed by the notorious Yabo Group (also known as Yabo Sports or Yabo) prior to its reported dissolution in 2022. The Yabo Group has been linked to controversy in Europe surrounding the use of certain football club sponsorships, including several in the English Premier League such as Manchester United, to illegally advertise unregulated gambling sites in Asia. The Asian Racing Federation (ARF) Council on Anti-Illegal Betting and Related Financial Crime identified Yabo as “possibly the biggest illegal gambling operation targeting Greater China” and directly tied it to practices of modern slavery in which victims are forced to support gambling services.
- Elusive Operations & DNS Knowledge: Vigorish Viper operates a vast network of over 170,000 active domain names, evading detection and law enforcement through its sophisticated use of DNS CNAME traffic distribution systems.
- European Sponsorship Controversy: The network is implicated in a scheme that involves securing European football club sponsorships on screens during games, or on player jerseys for example, to advertise illegal gambling sites in Southeast Asia, exploiting the clubs’ popularity to attract bettors.
- Interconnected Threats: Tens of seemingly unrelated gambling brands that advertise by way of sponsorship deals with certain European sports teams use Vigorish Viper technology. While these brands appear distinct, they operate more like the branches of a franchise, further highlighting the importance of a holistic view on such threats that only DNS brings to the table.

“DNS analytics led
to the discovery of Vigorish Viper and constitutes the best
mechanism for tracking the actor’s infrastructure.
Stopping Vigorish Viper is also most effective via DNS
because the actor changes rapidly,” added
Burton.
![](https://bluestonewma.com/wp-content/uploads/2024/07/infoblox-exposes-chinese-cybercrime-syndicate-taking-advantage-of-the-au2-5-trillion-illegal-gambling-economy-1.jpg)
Overview of the Vigorish Viper sports sponsorship
scheme. Source: Infoblox – “Vigorish Viper: A Venomous
Bet”
Adding to the gravity of
the situation, despite gambling being almost completely
illegal in Greater China, it is estimated that citizens in
the region bet nearly AU$1.2 trillion annually. This
staggering figure underscores the scale and complexity of
Vigorish Viper’s operations, with significant implications
for global cybercrime.
Details on this threat
actor can be found in Infoblox Threat Intel’s latest
research report here.
“Infoblox
remains committed to providing actionable intelligence to
expose threat actors leveraging DNS for their operations,”
Burton emphasized. “Our ongoing tracking and exposure of
threat actors demonstrates the critical role DNS plays in
combating sophisticated cyber threats, and underscores the
industry’s need for continued innovation in DNS and
cybersecurity technologies.”
Under the
leadership of Dr. Renée Burton, Infoblox Threat Intel has
become a proud originator of DNS-based threat intelligence.
Infoblox Threat Intel’s researchers use a unique approach
that combines a profound understanding of DNS data, data
science, machine learning, artificial intelligence, and
reverse engineering. This potent mix of skills and expertise
enables Infoblox Threat Intel to generate robust threat
intelligence, fortifying Infoblox’s Threat Defence
solutions. Learn more about Infoblox Threat Intel and
explore how its research is shaping the future of
cybersecurity by visiting https://www.infoblox.com/threat-intel/.
About
Infoblox
Infoblox unites networking and
security to deliver unmatched performance and protection.
Trusted by Fortune 100 companies and emerging innovators, we
provide real-time visibility and control over who and what
connects to your network, so your organisation runs faster
and stops threats earlier. Visit infoblox.com,
or follow us on LinkedIn or
X.