Positive Technologies researchers have uncovered a new APT group that’s attacked organizations in 10 countries, including the U.S., targeting government servers and the fuel and energy complex and aviation industry in Russia.
And since the group has started exploiting ProxyShell vulnerabilities in attacks to infect Microsoft Exchange, it’s possible that vulnerable servers in the UK could be affected in the future as well.
Dubbed ChamelGang, the criminal group is focused on stealing data, using trusted relationship attacks to achieve their goals – where criminals hack third-party companies whose employees have legitimate access to the victim's resources.
In one case, ChamelGang remained unnoticed in an energy company’s corporate network for three months, and eventually gained control over most of it.
During their investigations, researchers also discovered new strains of malware being used by the group, including ProxyT, BeaconLoader, and DoorMe, a backdoor that significantly complicates detection of the criminal group.
Although Positive Technologies researchers haven’t yet linked ChamelGang to any specific country, it’s worth noting that the group’s techniques are quite complex and also used by pro-government groups.
Read more of the technical research: https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/