Hidden Web of Fraudulent Gambling and Possible Espionage Links
A large and complex network responsible for running illegal gambling websites has been operating for over 14 years. Recent findings suggest that this operation might go beyond simple financial scams. There are indications that it could be connected to a nation-state effort to gather intelligence on governments and private organizations in the US and Europe.
Uncovering the Network’s Infrastructure
Researchers have uncovered parts of this extensive operation over the years. Just last month, cybersecurity firm Sucuri reported that most of these fraudulent sites are built on WordPress, a popular website platform. The attackers often target websites that are not well-secured, making them easier to compromise.
Another firm, Imperva, found that the hackers scan for web applications built with PHP, especially those with known vulnerabilities or existing webshells. Once they find a vulnerable site, they deploy a GSocket backdoor. This backdoor allows them to control the server remotely and host illegal gambling content without the site owner’s knowledge. This shows a high level of technical sophistication and coordination.
Who Is Targeted and How the Infrastructure Is Set Up
The main audience for these illegal gambling sites appears to be Indonesian-speaking users. This makes sense because Indonesia has strict anti-gambling laws, which push residents toward illegal services. The operation hosts over 236,000 domains, most of which are on Cloudflare, a popular content delivery network.
Many of the hijacked subdomains, about 1,481 in total, are hosted on cloud services like Amazon Web Services, Azure, and GitHub. This widespread infrastructure suggests a highly organized operation with international links. While initially seen as a simple scam, ongoing investigations hint at a deeper purpose. Some experts believe this network could be used for espionage, possibly by a government entity aiming to gather intelligence or influence other nations. The implications of this are significant, raising concerns about cybersecurity and international security as more details emerge.
In sum, what started as a straightforward fraud scheme might actually be part of a larger, more dangerous effort. As investigators continue to probe, the full scope and motives of this operation remain largely unknown but potentially very serious. The intersection of cybercrime and espionage makes this a case to watch closely in the coming months.











