Since at least September 2023, a group of hackers known only as GambleForce has been linked to a number of SQL injection attacks on businesses, mostly in the Asia-Pacific (APAC) area.

The Singapore-based Group-IB stated in a report shared with The Hacker News that “GambleForce uses a set of basic yet very effective techniques, including SQL injections and the exploitation of vulnerable website content management systems (CMS) to steal sensitive information, such as user credentials.”

“Web injections are among the oldest and most popular attack vectors,” Nikita Rostovcev, senior threat analyst at Group-IB, said.


The attack chains abuse victims’ public-facing applications through SQL injection, and use the medium-severity Joomla CMS bug CVE-2023-23752 to obtain unauthorized access to a Brazilian organization.



As of right now, it’s unknown how GambleForce makes use of the stolen data. In addition, the cybersecurity company claimed to have alerted the victims and taken down the adversary’s command-and-control (C2) server.

“And the reason being is that sometimes developers overlook the importance of input security and data validation. Insecure coding practices, incorrect database settings, and outdated software create a fertile environment for SQL injection attacks on web applications.”
