
ChamelGang (hacker group)


History

2021: ChamelGang - hacker group attacking Russian fuel and energy systems and the aviation industry

At the end of September 2021, a new hacker group, ChamelGang, came to light. It has been observed in attacks on critical information infrastructure, including in Russia.

According to Kommersant, Positive Technologies specialists investigated incidents at fuel and energy companies and in the aviation industry. According to the investigation, the first cyber attacks were recorded in March 2021, and the hackers are interested in stealing data from compromised networks. In two attacks, the hackers were successful.

According to experts, companies in ten countries became victims of ChamelGang attacks, among them the USA, Germany and Taiwan. In four of these countries, the hackers compromised government servers.


In Russian fuel and energy and aviation industry organizations, the hackers also managed to compromise servers. All companies affected by ChamelGang have received notifications from national emergency response teams (CERTs).

ChamelGang got its name (from "chameleon") because it uses phishing domains that resemble legitimate ones. The attackers register sites that imitate the official services of large international companies: Microsoft, TrendMicro, McAfee, IBM and Google.

Industrial enterprises are not always able to identify a targeted cyber attack and may remain under an illusion of security for years, said Denis Kuvshinov, head of the information security threat research department at Positive Technologies. At the same time, in practice, an attacker can penetrate an enterprise's corporate network in more than 90% of cases, and almost every penetration leads to complete control over the infrastructure of the target organization, he emphasizes.

Attacks on strategically important industrial facilities, including the fuel and energy complex and the aviation industry, are often carried out by cyber mercenaries and pro-government groups, said Igor Zalevsky, head of the Solar JSOC CERT cyber incident investigation department.[1]

Notes