Saved February 14, 2026
Researchers believe a massive fraudulent gambling network, active for 14 years, is likely backed by a nation-state. It targets government and private organizations in the US and Europe, exploiting vulnerabilities in websites to support its operations. The infrastructure includes over 328,000 domains and costs millions to maintain.
A vast operation has been defrauding individuals through fake gambling websites for 14 years, and researchers suspect it's tied to a nation-state group focused on espionage. The network targets organizations in the US and Europe, using sophisticated techniques to exploit vulnerabilities in websites, particularly those running WordPress and web apps developed with PHP. Security firms like Sucuri and Imperva have identified that the attackers compromise poorly configured sites and install a backdoor known as GSocket to host gambling content.
The fraudulent sites mainly attract Indonesian speakers, as gambling is illegal in Indonesia, pushing users toward these illicit platforms. The scale of the operation is staggering, involving 236,433 domains, most hosted on Cloudflare, along with 1,481 hijacked subdomains from major providers like Amazon Web Services and GitHub. Researchers from Malanta have revealed that this is more than a simple scam; it's a complex network likely supporting a range of espionage activities against various sectors, including healthcare and government.
The sheer investment in this operation is significant, with costs estimated between $725,000 and $17 million annually to maintain the infrastructure. The long-term commitment and resources involved suggest a motive beyond mere financial gain, pointing to a broader strategy of surveillance and data collection on targeted organizations. This insight raises concerns about the implications for cybersecurity and the potential threat posed by state-sponsored actors.