A comprehensive report from cybersecurity firm Infoblox has unveiled the operations of an extensive Chinese cybercrime network, which continues to illegally advertise gambling websites in Asia and was previously linked to European football club sponsorships.
The Infoblox report details how Vigorish Viper, a sophisticated technology suite, underpins a vast illegal gambling operation utilizing a broad range of technologies, including software, DNS configurations, website hosting, payment systems, and mobile apps.
This technology supports numerous gambling brands sponsoring European sports teams and exploits the $1.7 trillion illegal gambling market by targeting residents of Greater China and victims worldwide. Developed by the Yabo Group (also known as Yabo Sports or Yabo), Vigorish Viper facilitated what might have been the largest illegal gambling operation targeting Greater China before Yabo's reported dissolution in 2022.
The Yabo Group has been embroiled in controversy in Europe, notably using football club sponsorships, including those in the English Premier League like Manchester United, to illegally advertise unregulated gambling sites in Asia. The Asian Racing Federation (ARF) Council on Anti-Illegal Betting and Related Financial Crime identified Yabo as “possibly the biggest illegal gambling operation targeting Greater China” and linked it to practices of modern slavery, where victims are coerced into supporting gambling services.
Infoblox researchers discovered that the former company has spawned an array of offshoots “laundered into a series of new entities, including Kaiyun Sports, KM Gaming, Ponymuah, and SKG.” Despite rebranding and reorganizing under new identities like Kaiyun Sports and Ponymuah Ltd., the underlying technology and operations remain unchanged, controlled by the original crime syndicate. These brands continue to mask their true operations behind layers of shell companies and false credentials.
The report underscores the global reach and sophistication of Vigorish Viper’s operations, which leverage advanced technologies such as data mining, blockchain, and artificial intelligence to enhance their criminal activities. This technological prowess highlights the challenge of dismantling such well-organized and adaptable networks. “Vigorish Viper represents one of the most sophisticated and important threats to digital security that we have discovered to date,” stated Dr. Renée Burton, Vice President of Infoblox Threat Intel.
“Infoblox Threat Intel used cutting-edge DNS research to discover the technologies underpinning the syndicate. Vigorish Viper created a complex infrastructure with multiple layers of traffic distribution systems (TDSs) using DNS CNAME records and JavaScript, which makes it incredibly difficult to detect.”
Vigorish Viper is intricately connected to the controversy over European football club sponsorships that illegally promote gambling sites in Asia. Chinese organized crime groups use these sponsorships to advertise gambling websites, enticing Chinese viewers to place bets. These sponsorships were established with English Football League clubs, but most notably with teams in the English Premier League, the most-watched football league in the world, with an estimated 4.7 billion viewers, many in Asia.
Despite sanctions from the UK Gambling Commission targeting several brands linked to Vigorish Viper, the operation persists, with new sponsorship deals secured with teams across Europe. The report noted how Chinese criminal syndicates have drawn sports teams into their illicit activities and leveraged the teams’ popularity as a force multiplier.
Even though gambling is almost completely illegal in Greater China, it is estimated that citizens in the region bet nearly $850 billion annually. “Through a series of shell companies using fake identities and credentials, the Chinese organized crime groups establish brand presence, typically represented by a so-called white label intermediary who provides local representation and bona fides,” the report points out. “Players wear the sponsor’s logo on their shirt during games, or the logo is advertised on pitchside boards of the stadium, or both. The games are broadcast in China, often illegally, where viewers are enticed to visit the website and bet on their favorite club.”
KB Sports, for example, signed a three-year sponsorship deal that year with the French football club FC Girondins, allowing it to advertise pitchside. According to Infoblox, the gambling operator’s website isn’t available in Europe, but it is accessible in Hong Kong, Macau, and mainland China, where gambling is a massive industry despite being illegal.
The website, accessed from a residential Chinese IP address, incorporates numerous security mechanisms to ensure the user is a legitimate gambler. If the server detects suspicious activity, it will disconnect the user. Constant monitoring of the user’s actions and connection is in place. The website content is entirely in Mandarin with no available translation, featuring images of various sports figures and scantily clad young women.
Betting categories include football, NBA, soccer, lotteries, casino games, online games, and VIP tables. QR codes for downloading iOS and Android apps are also available.
The site includes a support page with instant chat options through a web app, as well as links to Skype and QQ, a popular Chinese instant messaging service. Based on site interactions, the customer support appears to be live rather than AI-based, with the website also containing fake links to official companies at the bottom of the pages. If a user remains idle but their activity is deemed authentic by the server’s fingerprinting routines, a random ad is displayed. These ads often promote financial bonuses under conditions requiring regular betting. For instance, one ad offers up to RMB10,000 ($1,500) if the user deposits at least RMB500,000 ($70,000) within a week.
These systems are complemented by their own encrypted communications and custom-developed applications, making their activities not only elusive but also remarkably resilient. Vigorish Viper is linked to kb[.]com and other sanctioned entities, forming a complex web of criminal activities. Tens of seemingly unrelated gambling brands that advertise by way of sponsorship deals with certain European sports teams use Vigorish Viper technology. While these brands appear distinct, they operate more like the branches of a franchise, further highlighting the importance of a holistic view on such threats that only DNS brings to the table.
“DNS analytics led to the discovery of Vigorish Viper and constitutes the best mechanism for tracking the actor’s infrastructure. Stopping Vigorish Viper is also most effective via DNS because the actor changes rapidly,” added Burton.
By examining the DNS data, Infoblox traced this vast criminal enterprise back to the Yabo Sports/Yabo Group organization, which uses a sprawling network of domain names, websites, and applications to facilitate an extensive illegal gambling operation targeting users across Southeast Asia and beyond. The firm warned that despite the network’s massive scale and overt public presence through sponsorships of high-profile European football clubs, Vigorish Viper has managed to operate with impunity in China.
Infoblox recommends blocking DNS resolution of all domains associated with Vigorish Viper to protect users from the dangers of this illegal gambling network, which is linked to organized crime, scams, and human trafficking. The report also highlights how traffic distribution systems enable cybercriminals to evade detection for years, suggesting the need for greater industry and government collaboration to identify and shut down these hidden operators. “Vigorish Viper’s network is just one more example. Our hope is that industry, academia, and government institutions will look at new avenues to detect and control these hidden operators, and thereby combat the current economic trend of cybercrime,” the company underlined.
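Blocking at DNS only holds against a CNAME-based TDS if the policy inspects every hop of the chain, not just the queried name. The sketch below is an added example, not code from Infoblox or this article; all domains are constructed placeholders and the function names and hop limit are assumptions. It follows CNAME chains, blocks on any hop inside a listed zone, and lists the front-end names that share one back end.

```python
# Constructed sample data: every name below is a placeholder, not an
# indicator from the Infoblox report.
CNAME_RECORDS = {
    "brand-a.example": "lb1.tds-layer1.example",
    "lb1.tds-layer1.example": "edge7.tds-layer2.example",
    "edge7.tds-layer2.example": "origin.operator-core.example",
    "brand-b.example": "edge9.tds-layer2.example",
    "edge9.tds-layer2.example": "origin.operator-core.example",
    "shop.example": "cdn.benign-host.example",
    "loop-a.example": "loop-b.example",
    "loop-b.example": "loop-a.example",
}
BLOCKED_ZONES = {"operator-core.example"}
MAX_HOPS = 8  # assumed policy limit on chain length

def normalize(name):
    return name.rstrip(".").lower()

def cname_chain(name, records, max_hops=MAX_HOPS):
    """Return (chain, complete); complete is False on a loop or over-long chain."""
    chain = [normalize(name)]
    while chain[-1] in records:
        nxt = normalize(records[chain[-1]])
        if nxt in chain or len(chain) > max_hops:
            return chain, False
        chain.append(nxt)
    return chain, True

def in_zone(name, zone):
    # Label-boundary match, so "notoperator-core.example" does not match.
    return name == zone or name.endswith("." + zone)

def verdict(name, records=CNAME_RECORDS, blocked=BLOCKED_ZONES):
    """Block if any hop is in a blocked zone; fail closed on broken chains."""
    chain, complete = cname_chain(name, records)
    for hop in chain:
        for zone in blocked:
            if in_zone(hop, zone):
                return ("block", hop)
    if not complete:
        return ("block", "cname-loop-or-too-deep")
    return ("allow", None)

def siblings(zone, records=CNAME_RECORDS):
    """Names whose chains reach `zone`: fronts that share one back end."""
    return sorted(n for n in records
                  if any(in_zone(h, zone) for h in cname_chain(n, records)[0]))
```

Running `siblings` over passive DNS data is how apparently unrelated brand domains surface as one cluster once a single back-end zone is known.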
By fLEXI tEAM