Cybersecurity experts have discovered a new hacker group, ChamelGang, which attacks institutions in ten countries around the world, including Russia. Since March, Russian companies in the fuel and energy sector and the aviation industry have been targeted, and at least two of the attacks have been successful. Experts believe that pro-government groups may be behind the attacks.
According to Positive Technologies, the first attacks were recorded in March. Hackers are interested in stealing data from compromised networks.
India, the United States, Taiwan and Germany were also victims of the attacks. Compromised government servers were discovered in those countries.
The new group was named ChamelGang, from the word chameleon, because the hackers disguise their malware and network infrastructure as legitimate services. The group's tools include the new, previously undescribed ProxyT malware, BeaconLoader and the DoorMe backdoor, which gives the attacker access to the compromised system.
In one of the attacks, the hackers first compromised a subsidiary and, two weeks later, the parent company. They obtained the local administrator password on one of the servers and moved into the company's network over the Remote Desktop Protocol (RDP). The hackers remained undetected on the corporate network for three months, and during that time they gained control over most of the network, including critical servers and nodes.
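The access pattern described above (a local administrator password on one server, then RDP logons across the network) leaves a trace in Windows Security event 4624 with logon type 10. The following script, added here as an illustration and not taken from the article or from Positive Technologies, flags such logons made with local (non-domain) accounts and groups them by source address to surface one source reaching several hosts. The event records, the watched account names and the host/IP values are all constructed for the example.

```python
"""Flag interactive RDP logons (Windows Security 4624, logon type 10) made with
local administrator accounts, and group them by source address.

Example code added to illustrate the article; it is not the article's or
Positive Technologies' own tooling. Field names mirror the 4624 event
(TargetUserName, TargetDomainName, IpAddress) in simplified form.
"""
from collections import defaultdict

# Constructed sample events, not real telemetry. For a local (non-domain)
# account the "domain" field of a 4624 event holds the computer name itself.
SAMPLE_EVENTS = [
    {"event_id": 4624, "logon_type": 10, "user": "Administrator",
     "domain": "SRV-FILE01", "host": "SRV-FILE01", "src_ip": "10.20.5.44"},
    {"event_id": 4624, "logon_type": 10, "user": "jdoe",
     "domain": "CORP", "host": "WS-0142", "src_ip": "10.20.7.12"},
    {"event_id": 4624, "logon_type": 3, "user": "Administrator",
     "domain": "SRV-FILE01", "host": "SRV-FILE01", "src_ip": "10.20.5.44"},
    {"event_id": 4624, "logon_type": 10, "user": "Administrator",
     "domain": "SRV-DB02", "host": "SRV-DB02", "src_ip": "10.20.5.44"},
    {"event_id": 4625, "logon_type": 10, "user": "Administrator",
     "domain": "SRV-APP03", "host": "SRV-APP03", "src_ip": "10.20.5.44"},
]

RDP_LOGON_TYPE = 10          # RemoteInteractive (RDP / Terminal Services)
SUCCESSFUL_LOGON = 4624
# Assumed account names to watch; adjust to the naming used in your estate.
LOCAL_ADMIN_NAMES = {"administrator", "admin"}


def is_local_account(event):
    """A 4624 event for a local account carries the host name as its domain."""
    return event["domain"].upper() == event["host"].upper()


def find_local_admin_rdp(events):
    """Return successful RDP logons performed with a local admin account."""
    return [
        ev for ev in events
        if ev["event_id"] == SUCCESSFUL_LOGON
        and ev["logon_type"] == RDP_LOGON_TYPE
        and is_local_account(ev)
        and ev["user"].lower() in LOCAL_ADMIN_NAMES
    ]


def pivot_sources(events, min_hosts=2):
    """Map each source IP to the distinct hosts it reached via local-admin RDP.

    Only sources that touched at least ``min_hosts`` hosts are kept: a single
    address logging on as local administrator to several servers is the
    lateral-movement shape worth a closer look.
    """
    hosts_by_src = defaultdict(set)
    for ev in find_local_admin_rdp(events):
        hosts_by_src[ev["src_ip"]].add(ev["host"])
    return {ip: sorted(hosts) for ip, hosts in hosts_by_src.items()
            if len(hosts) >= min_hosts}


if __name__ == "__main__":
    for ev in find_local_admin_rdp(SAMPLE_EVENTS):
        print(f"local-admin RDP: {ev['src_ip']} -> {ev['host']} as {ev['user']}")
    for ip, hosts in pivot_sources(SAMPLE_EVENTS).items():
        print(f"source {ip} reached {len(hosts)} hosts via local-admin RDP: {hosts}")
```

On the constructed sample the script reports two qualifying logons, both from 10.20.5.44, and that address is returned as a pivot source because it reached SRV-FILE01 and SRV-DB02; the network (type 3) logon and the failed 4625 event are ignored.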
In the second attack in August, attackers took advantage of a chain of related vulnerabilities in Microsoft Exchange to penetrate the infrastructure. Hackers were in the organization’s infrastructure for eight days and did not have time to cause significant damage.
Kaspersky Lab cybersecurity expert Alexey Shulmin confirmed the targeted nature of the attacks and the wide geography of the victims. He added that some of the group's utilities have an interface in Chinese.
Experts believe that attacks on strategically important industrial facilities, including the fuel and energy sector and the aviation industry, are often carried out by cyber mercenaries and pro-government groups.