BBIN & Vault Viper linked to cyber-enabled fraud in Asia
New research conducted by Infoblox Threat Intelligence in cooperation with the United Nations Office on Drugs and Crime has linked major Asian iGaming provider BBIN, also known as Baoying Group, to organised crime and cyber-enabled fraud in Southeast Asia.
Corporate structures
The investigation uncovered connections through interlocking corporate ownership structures and affiliations, implicating BBIN in a wider network of illegal online gambling and related criminal activity.
Infoblox's research centred on the operations of a conglomeration referred to as 'Vault Viper,' believed to be worth tens of millions of dollars and spanning various commercial enterprises globally.
According to the research, Vault Viper is responsible for developing and operating the Universe Browser, which has been marketed as a privacy solution for gamblers wishing to elude censorship controls. However, the findings indicate the browser can be used for covert surveillance and could potentially exploit users.
Browser concerns
Infoblox's analysis found that the Universe Browser, advertised as enhancing user privacy, is capable of stealthily installing software consistent with surveillance activities, stealing credentials, and granting remote access. Researchers argue this creates significant risks for individuals utilising the tool under the pretext of protecting their privacy.
The browser developed by Vault Viper, Universe Browser, claims to protect users, but can covertly install software consistent with surveillance, credential theft, and remote access.
DNS infrastructure
The research team at Infoblox also highlighted the massive scale of Vault Viper's technical operations.
Through DNS analysis, investigators uncovered tens of thousands of domains tied to Vault Viper's infrastructure. This network, with a unique DNS fingerprint, enables operational control over a significant portion of the internet's domain space associated with these activities.
Infoblox Threat Intel detailed that Vault Viper's reach extended to direct control over its own Autonomous System Number (ASN) and multiple sizeable commercial entities, which include interests in airlines, casinos, and IT companies in addition to its online gambling operations.
Legal circumvention
The investigation traced online activity linked with BBIN and Vault Viper over a two-decade period, noting that the network continued to serve illegal casino operations based in Cambodia even after offshore gambling was banned in the Philippines.
This persistence despite regulatory restrictions highlights the adaptability of such groups in shifting their operational bases and methods to continue illicit operations.
Vault Viper isn't just a tech problem; it's a global crime story. By exposing this operation, Infoblox aims to help law enforcement, businesses, and everyday internet users stay one step ahead of the bad guys. The convergence of cybercrime and organised crime is real, and it's happening right now.
Commercial and criminal overlap
The DNS trail followed by researchers revealed extensive overlap between Vault Viper and BBIN/Baoying Group. The study found links connecting dozens of commercial ventures, ranging from the gambling and entertainment sector to technology and aviation, all underpinned by complex and opaque ownership arrangements. This, according to Infoblox, consolidates the view that the activities span beyond digital arenas and into broader economic spheres in the region.
Collaboration with authorities
The involvement of the United Nations Office on Drugs and Crime in the research underscores the international concern regarding such activity. Both organisations aim to support law enforcement in combating the intersection of cyber and traditional crime, which they consider a significant and growing threat in Southeast Asia and beyond.
Infoblox stated that by publicising details of these operations and infrastructures, it hopes to equip other businesses, regulators, and internet users with the information required to recognise and address these risks.
The exposure of Vault Viper's network and methods forms part of ongoing efforts to counteract the convergence of cybercrime and organised criminal enterprises.