A new APT group has emerged that specifically targets the fuel, energy, and aviation industries in Russia by exploiting known vulnerabilities, such as ProxyShell in Microsoft Exchange Server, and by leveraging existing malware. According to researchers, the group first appeared in March and has targeted entities in ten countries, although it remains focused on Russia. Researchers at Positive Technologies, who refer to the group as ChamelGang, have been tracking it since March and published a report on their findings last Thursday.
The APT avoids detection by hiding its malware and network infrastructure under legitimate services of established companies such as Microsoft, TrendMicro, McAfee, IBM, and Google. Like other APTs, ChamelGang attacks the supply chain first to gain access to the end target.
Read More: New APT ChamelGang Targets Russian Energy, Aviation Orgs