New APT ChamelGang Targets Russian Energy, Aviation Orgs
2021-10-01 12:36

Though the attackers have mainly been seen targeting Russian organizations, they have attacked targets in 10 countries so far, according to a report by company researchers Aleksandr Grigorian, Daniil Koloskov, Denis Kuvshinov and Stanislav Rakovsky published online Thursday.

ChamelGang - like Nobelium and REvil before it - has hopped on the bandwagon of attacking the supply chain first to gain access to its ultimate target, they said.

The first investigation was triggered after a Russia-based energy company's antivirus protection repeatedly reported the presence of the Cobalt Strike Beacon in RAM. Attackers gained access to the energy company's network through the supply chain, compromising a vulnerable version of a subsidiary company's web application on the JBoss Application Server.

The second attack was on an organization from the Russian aviation production sector, researchers said.

"According to our data, the APT group did not expect that its backdoors would be detected so quickly, so it did not have time to develop the attack further."

Further threat intelligence following the investigation into attacks on the Russian companies revealed that ChamelGang's activity has not been limited to that country.


News URL

https://threatpost.com/apt-chamelgang-targets-russian-energy-aviation/175272/