Share this article on:
A Chinese cyber crime syndicate with alleged links to money laundering and human trafficking activities has been connected to a European football sponsorship controversy, cloud networking and security provider Infoblox claims.
European football clubs have been linked to a Chinese crime syndicate that facilitates illegal gambling in China, cloud and cyber security provider Infoblox claimed in a recent report.
According to threat intelligence, sponsorships from different gambling companies targeting Asian viewers appeared on jerseys and in football stadiums that were broadcasted.
Though the sponsors were “tens of seemingly unrelated gambling brands”, domain name research found similar instances of technology between them. This prompted Infoblox to dub the actor behind the technology Vigorish Viper.
Researchers involved in the operation believe that the technology was developed by the Yabo Group, which is believed to run one of the largest illegal gambling operations in China while also accused of trafficking persons to run gambling and scam centres on the Laos-Cambodian border.
Vigorish Viper is alleged to be synonymous or developed by the Yabo Group, with “references to Yabo are littered throughout the software and the infrastructure”.
The actors were able to gain British gambling licences through a complex ownership structure that obscured the true ownership of the groups.
“Amid media scrutiny, Yabo was dissolved in 2022, but the remnants of the company were essentially laundered into a series of new entities, including Kaiyun Sports, KM Gaming, Ponymuah, and SKG,” the Infoblox report said.
“While at face value, these new companies appear independent, evidence shows they are not. Together, the newly established companies make up a supply chain for Vigorish Viper to continue operations unabated and under less scrutiny.”
Dr Renée Burton, vice president at Infoblox Threat Intel, explained how the company linked the shell groups together.
“Vigorish Viper represents one of the most sophisticated and important threats to digital security that we have discovered to date,” Burton said.
“Infoblox Threat Intel used cutting-edge DNS research to discover the technologies underpinning the syndicate. Vigorish Viper created a complex infrastructure with multiple layers of traffic distribution systems (TDSs) using DNS CNAME records and JavaScript, which makes it incredibly difficult to detect.
“These systems are complemented by their own encrypted communications and custom-developed applications, making their activities not only elusive but also remarkably resilient.”
The finding is particularly worrying as it shows the interconnectedness between different threat groups.
“This work is particularly important because it connects the physical crimes of human trafficking, money laundering, and fraud to online crime in a way that hasn’t been done before. We can now see that organised crime is executing a cunning strategy that uses unwitting European clubs to fuel their criminal cycle,” Burton said.
Liam Garman is the managing editor of professional services, real estate and security at Momentum Media. He began his career as a speech writer at New South Wales Parliament before working for world leading campaigns and research agencies in Sydney and Auckland. Throughout his career, Liam has managed and executed international media campaigns spanning politics, business, industrial relations and infrastructure. He’s since shifted his attention to writing on politics and business, and holds a Bachelor of Commerce from the University of Sydney and a Masters from UNSW Canberra with a thesis on postmodernism and media ecology.