An eye-opening report describes a cyber crime supply chain with connections to Chinese organized crime, illegal online gambling, money laundering, human trafficking, and even sponsorships with European sports teams.
Infoblox, the security firm that authored the report, said this supply chain was controlled by a single actor it calls Vigorish Viper. The main purpose of the enterprise was to facilitate illegal online gambling for residents of what the report calls “Greater China.” (This term isn’t defined in the report, but from our reading of it we think it includes mainland China, Hong Kong, and Macau, but not Taiwan.)
Infoblox said the supply chain was organized into multiple entities performing different functions to “shield the operators from scrutiny and legal consequences.” In operational security terms, Vigorish Viper compartmentalizes its operations so that the disruption of any single entity (such as a money launderer, hosting provider, or payment service) by law enforcement action does not cripple the entire operation.
Infoblox was “highly confident” Vigorish Viper’s technology suite was developed by a company formerly known as the Yabo Group (aka Yabo Sports or Yabo). According to its report, the technology itself is sophisticated:
The actor has implemented multiple, layered traffic distribution systems (TDSs) using DNS CNAME records and JavaScript, essentially creating a series of gates to protect their systems from unwanted scrutiny. They extensively profile the users, including continuously monitoring mouse movements and evaluating IP addresses. There are multiple versions of the software, and the most advanced version is reserved for the Chinese brands. Vigorish Viper hosts over 170k domain names and tens of brands in an infrastructure that is directly tied to Hong Kong and China.
Victims of human trafficking are reportedly forced to provide support to Yabo Group betting websites by boosting sites in live chat groups or by encouraging customers to place bets.
A large number of gambling sites run on top of Vigorish Viper’s back-end infrastructure. These are provided by dozens of “baowang” (meaning “full package” or “full bundle”) companies that offer “white label casino services,” target Chinese-speaking players, and claim to be licensed by regulators. The sheer diversity of these sites and the prevalence of copycat sites obfuscate the relationships between entities. These gambling sites are typically accessible only from mainland China, Hong Kong, and Macau, and visitors from elsewhere arrive at a splash page.
Vigorish Viper also sponsors European football teams:
Through a series of shell companies using fake identities and credentials, the Chinese organized crime groups establish brand presence, typically represented by a so-called white label intermediary who provides local representation and bona fides. Players wear the sponsor’s logo on their shirt during games, or the logo is advertised on pitchside boards of the stadium, or both. The games are broadcast in China, often illegally, where viewers are enticed to visit the website and bet on their favorite club.
In April 2023, TGP Europe, Vigorish Viper’s brand in the U.K., was fined by the U.K. Gambling Commission for “anti-money laundering and social responsibility failures.” Despite this, a number of top English football clubs still had sponsorships with Vigorish Viper brands (as of January), and the group has negotiated new sponsorship deals with French, Spanish, and other European teams.
Although Vigorish Viper also appears to target users outside the People’s Republic of China (PRC) with everyday scams and phishing, this seems to be a small side hustle that merits only a single paragraph in the report.
In its conclusion, Infoblox notes that “in spite of the massive number of domain names, websites, and accompanying applications, along with overt presence in the public eye, Vigorish Viper is operating directly and inexplicably in the PRC without meaningful consequence.” We agree that this is legitimately strange.