ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware

2024-06-26, SentinelOne
https://www.sentinelone.com/labs/chamelgang-attacking-critical-infrastructure-with-ransomware/
S1_-SentinelLabs_ChamelGang_Final.pdf, 7.8 MB
#Suspicious #Andariel

Executive Summary
- Threat actors in the cyberespionage ecosystem are engaging in an increasingly disturbing trend of using ransomware as a final stage in their operations for the purposes of financial gain, disruption, distraction, misattribution, or removal of evidence.
- This report introduces new findings about notable intrusions in the past three years, some of which were carried out by a Chinese cyberespionage actor but remain publicly unattributed.
- Our findings indicate that ChamelGang, a suspected Chinese APT group, targeted the major Indian healthcare institution AIIMS and the Presidency of Brazil in 2022 using the CatB ransomware. Attribution information on these attacks has not been publicly released to date.
- ChamelGang also targeted a government organization in East Asia and critical infrastructure sectors, including an aviation organization in the Indian subcontinent.
- In addition, a separate cluster of intrusions involving off-the-shelf tools BestCrypt and BitLocker have affected a variety of industries in North America, South …