Infoblox Threat Intel (ITI), together with the United Nations Office on Drugs and Crime (UNODC), has linked BBIN aka Baoying Group, one of Asia’s largest iGaming providers, through interlocking corporate ownership structures and affiliations to cyber-enabled fraud, illegal online gambling, and organized crime in Southeast Asia. At the heart of ITI’s research is the Universe Browser, advertised as a privacy tool for gamblers seeking to evade censorship. But in fact, it’s the perfect tool for covert surveillance and potential exploitation of players.
ITI uses the actor name “Vault Viper” to refer to a conglomeration of commercial entities and known criminal endeavors spread around the world, centered around BBIN, and worth tens of millions of dollars. The actor is responsible for the creation and operation of the Universe Browser.
DNS analysis from Infoblox reveals tens of thousands of domains tied to Vault Viper’s vast infrastructure, exposing a unique DNS fingerprint and operational control over their own corner of the internet.
Key Findings
- Privacy Promise, Risky Reality: The browser developed by Vault Viper, Universe Browser, claims to protect users, but can covertly install software consistent with surveillance, credential theft, and remote access.
- Massive Infrastructure: Vault Viper controls tens of thousands of domains sharing a specific DNS fingerprint. Infoblox Threat Intel unravelled the group’s entire online infrastructure and revealed they directly control an ASN and several large companies.
- Casino & Crime Connections: By following a DNS trail spanning two decades, Infoblox researchers found that Vault Viper overlaps largely with BBIN – also known as Baoying Group – which is also linked to dozens of commercial ventures from airlines to casinos to IT companies
- Defying Bans: Even after offshore gambling was outlawed in the Philippines, Vault Viper continues to operate, serving illegal casinos based in Cambodia.
Vault Viper isn’t just a tech problem—it’s a global crime story. By exposing this operation, Infoblox aims to help law enforcement, businesses, and everyday internet users stay one step ahead of the bad guys. The convergence of cybercrime and organized crime is real, and it’s happening right now.
