
U.S. Critical Industries Targeted By Disguised New APT Group ChamelGang

Published: December 30, 2021, in our Security Fraud News & Alerts Newsletter.

The Colonial Pipeline attack brought threat groups into focus for many Americans. It was the largest cyberattack on critical oil infrastructure in U.S. history and a huge wake-up call. In some ways it was like a Hollywood disaster movie come to life, capable of bringing our most basic needs like water, electricity, and fuel to a dead stop. And now, “ChamelGang” APT (advanced persistent threat) group is attacking critical infrastructure in the U.S. and other countries.

This previously unknown APT group was dubbed ChamelGang by the cybersecurity firm Positive Technologies for its chameleon-like ability to disguise “its malware and network infrastructure under legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google” as lures. But it is what ChamelGang does with those chameleon capabilities, including successful attacks on critical infrastructure worldwide, that has many countries rightly concerned.

How does this group end up on the networks of these organizations? Most likely via phishing, which is still the top way malware gets onto any system. So it is always a good idea to ensure all users on the network are trained to spot phishing attempts. Ongoing cybersecurity awareness training is your best defense, and it needs to be ongoing because threats, including the ones from this group, evolve over time: new groups appear seemingly out of nowhere, and tactics change. A one-and-done approach doesn’t cut it these days.

ChamelGang has been identified as the APT behind a string of attacks on the fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan. According to the Head of Threat Analysis at Positive Technologies, the consequences of ChamelGang’s theft of data from critical networks are serious: “Most often such attacks lead to financial or data loss—in 84% of all cases last year, the attacks were specifically created to steal data, and that causes major financial and reputational damage.” For the victimized organizations and countries involved, cleaning up the damage from these attacks can be long and complicated.

Recent research by Positive Technologies found that attackers were able to access the corporate networks of 91% of the industrial organizations studied. Given that, the full effect of how things will play out with ChamelGang and other APT groups attacking critical infrastructure worldwide is yet to be seen.
