HomeNewsTechEnergy Complex and Aviation industry, a new target for hackers

Energy Complex and Aviation industry, a new target for hackers

-

We independently research, test, review, and recommend the best products—learn more about our process. If you buy something through our links, we may earn a commission. learn more

Last Updated on 22/11/2021 by Anamika

A new Advanced Persistent Threat group called ChamelGang has been targeting the Aviation and Energy Complex industry in Russia.

Reportedly, these attacks are not only limited to Russia, it has been witnessed that the attacks have been occurring in other countries such as India, Nepal, Taiwan, Japan. According to researchers, the government servers are serving as bait for the servers and they are targeting it as well. Attacking UK’s government servers and making them vulnerable might become a possibility for the future.

As per the reports, ChamelGang has been focused on stealing data by making networks vulnerable and recorded its first successful attack in March 2021. Attackers have the capability of penetrating the network successfully and each time they are able to enter into the network, 90% of the time they steal the information, leading to a complete loss for the company including the sensitive information.

According to Infotechlead, ChamelGang had compromised a subsidiary organization using a vulnerable version of a web application on the open-source JBoss Application Server platform. By exploiting vulnerability CVE-2017-12149 (which had been fixed by RedHat more than four years ago), the criminals were able to remotely execute commands on the node.

The parent company was attacked soon after that. The attackers used Remote Desktop Protocol (RDP) to obtain the dictionary password of the local administrator.

The attackers exploited a chain of related vulnerabilities in Microsoft Exchange (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) called ProxyShell. This became public last month, and ever since it has been actively exploited by other APT groups. (Infotechlead)

ChamelGang has also been using a new type of malware known as ProxyT, BeaconLeader, and the DoorMe backdoor. The group also uses better-known variants such as FRP, Cobalt Strike Beacon, and Tiny shell.

Anamika
Anamika
Anamika focuses on data privacy, data policy, digital policies, and puts users' privacy first. She loves exploring new tech and spends time looking around business politics and its impact on users and small businesses.
- Advertisment -

Must Read

edge-ai

Challenges and Opportunities in Deploying AI Solutions in Edge Computing Environments

0
Edge AI is a ground-breaking new paradigm that has the potential to completely change how companies run. Organizations can seize new chances for creativity,...