Research Links Suncity Group To FUNNULL In Gambling And Phishing Scams

A recent investigation by Silent Push has uncovered connections between gambling, money laundering, and phishing scams, all linked to the controversial FUNNULL content delivery network (CDN).

The findings indicate that FUNNULL is hosting a significant number of shady websites, many tied to illicit gambling operations and retail phishing schemes.

One of the key players in this network is the Suncity Group, a Macau-based junket operator that has been embroiled in scandals related to money laundering and illegal gambling, as noted on the investigation.

The group, once the largest VIP operator in Asia’s gambling scene, allegedly built a massive underground banking system that processed $100 billion in illegal bets and laundered $40 billion for criminals.

Despite denying any involvement in online gaming, evidence suggests that Suncity enabled Chinese nationals to gamble online, evading mainland China’s strict anti-gambling laws, as noted by the investigation.

Alvin Chau, the CEO of Suncity Group, was sentenced to 18 years in prison last year for his role in these illegal activities. The investigation into Suncity revealed ties to the notorious Chinese Triad crime syndicate, and it was found that the group had laundered $19 million for the infamous North Korean cybercrime group, Lazarus.

What’s more disturbing is the scale of Suncity’s online infrastructure. The researchers discovered over 6,500 domain-generated algorithm (DGA) hostnames connected to the group’s gambling operations, all hosted on FUNNULL’s CDN.

Further digging into the Suncity websites revealed links to a GitHub account, which contained code templates used to create various gambling websites hosted on FUNNULL. These templates, while outdated, show how a single entity may be responsible for developing a large portion of the gambling sites on the network.

In addition to illegal gambling, Silent Push uncovered another side to FUNNULL’s operations—phishing scams targeting major retail brands.

Over 650 domains were found hosting fake login pages for companies like Chanel, Cartier, and eBay. These phishing sites are designed to trick users into entering their credentials, which are then stolen and likely sold or used for further cyberattacks.

The phishing sites shared similar coding structures, suggesting a coordinated campaign. The reach of these scams is massive, according to the report. FUNNULL isn’t just hosting websites for gambling and phishing; it’s also involved in a supply chain attack.

Earlier this year, the group took control of a popular JavaScript library, polyfill.io, used by over 110,000 websites worldwide. By modifying the code, FUNNULL was able to redirect users to Asian gambling sites, affecting a vast number of websites, many of which were unaware of the malicious redirections.

The use of cryptocurrencies, particularly Tether (USDT), is also prominent in the illicit activities hosted on FUNNULL. Many gambling sites encourage users to deposit funds in Tether, making it easier to move money without detection.

This adds another layer of complexity to an already convoluted web of criminal activity. The findings have raised serious concerns about the role of CDNs like FUNNULL in facilitating cybercrime.

While content delivery networks are designed to speed up internet traffic, shady operators like FUNNULL use their infrastructure to hide illicit activities behind layers of complexity, making it harder for authorities to trace the origins of the scams.