Operation Ice Breaker Targets The Gambling Industry
Operation IceBreaker targeted the gambling and gaming industries by means of social engineering, where the attacker tried to lure employees into executing a novel backdoor.
It is suspected the attacker is not an English speaker, and this campaign name was born from the "ICE" conference.
The modus operandi of the threat actor is to impersonate a customer of the website and share a malicious zip or LNK file disguised as a screenshot of an issue related to account login.
The support agent executes the downloaded file, and the malicious server is contacted to fetch the second stage, the backdoor, and executes it.
The malware steals data from local storage and exfiltrates information to the adversary via web sockets.
Featured Resources
View More Resources
blog
CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover
CVE-2026-26117 lets attackers hijack Azure Arc on Windows, escalate to SYSTEM, and seize the machine’s cloud identity.
Demo
Exposure Validation Demo
Demo of automated offensive simulations validating detection, prevention, and IOC coverage
blog
Validate What Matters: Simulate Real-World Identity and Privilege Attacks in AD and Entra ID
Identity is the new perimeter. The move to the cloud and remote work creates new security boundaries based on users and services operating across cloud and hybrid environments, making