Vigorish Viper, a threat actor identified by Infoblox, has emerged as a significant cybersecurity concern. This entity is responsible for designing, developing, and maintaining a complex system of obfuscation to shield its activities. Vigorish Viper's stealthy suite employs a variety of anti-analysis techniques such as control flow and code obfuscation, encryption, use of uncommon and varied ports for TCP access, and user activity monitoring on its sites. If the system detects automated behavior, it triggers a captcha puzzle or disconnects the server outright.
The threat actor is linked with companies like Yabo and Kaiyun, which, along with numerous other entities, share Vigorish Viper technology. According to Infoblox, these companies operate in a manner similar to branches of a single franchise. Notably, these entities maintain an air of legitimacy through partnerships and sponsorships, such as Fun88's shirt sponsorship for Saudi Arabia-owned Newcastle United. This strategy helps attract fans from China and Southeast Asia to their sites.
To ensure that these sites do not attract unwanted attention, Vigorish Viper utilizes web application firewalls (WAFs) for protection. The sites also employ unique measures like blocking right-clicking or text selection. Despite the intricate network of false identities, Dr. Renée Burton, head of threat intelligence at Infoblox, emphasizes the importance of understanding the real-life implications of these technical stories. The recent report by Infoblox sheds light on this amorphous entity and its sophisticated techniques, highlighting the need for increased vigilance in the cybersecurity landscape.
Description last updated: 2024-08-14T09:48:19.292Z