[BreachExchange] Cybersecurity experts have discovered a new hacker group

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Fri Oct 1 08:45:59 EDT 2021


https://www.ehackingnews.com/2021/09/cybersecurity-experts-have-discovered.html

Cybersecurity experts have discovered a new hacker group, ChamelGang, which
attacks institutions in ten countries around the world, including Russia.
Since March, Russian companies in the fuel and energy sector and the
aviation industry have been targeted, and at least two of the attacks have
been successful. Experts believe that pro-government groups may be behind
the attacks.

According to Positive Technologies, the first attacks were recorded in
March. Hackers are interested in stealing data from compromised networks.

India, the United States, Taiwan and Germany were also victims of the
attacks. Compromised government servers were discovered in those countries.

The new group was named ChamelGang, from the word chameleon, because the
hackers disguise their malware and network infrastructure as legitimate
services. The group's toolset includes the new, previously undescribed
ProxyT malware, BeaconLoader and the DoorMe backdoor, which gives the
attacker access to the compromised system.

In one of the attacks, the hackers first compromised a subsidiary and, two
weeks later, the parent company. They obtained the password of the local
administrator on one of the servers and entered the company's network using
the Remote Desktop Protocol (RDP). The hackers remained undetected on the
corporate network for three months and during that time gained control over
most of the network, including critical servers and nodes.

In the second attack in August, attackers took advantage of a chain of
related vulnerabilities in Microsoft Exchange to penetrate the
infrastructure. Hackers were in the organization's infrastructure for eight
days and did not have time to cause significant damage.

Kaspersky Lab cybersecurity expert Alexey Shulmin confirmed the targeted
nature of the attack and the wide geography of the victims. He added that
some of the group's utilities have an interface in Chinese.

Experts believe that attacks on strategically important industrial
facilities, including the fuel and energy sector and the aviation industry,
are often carried out by cyber mercenaries and pro-government groups.