A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries – The Hacker News


A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan with the goal of stealing data from compromised networks.

Cybersecurity company Positive Technologies dubbed the advanced persistent threat (APT) group ChamelGang — referring to their chameleonic capabilities, including disguising “its malware and network infrastructure under legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google.”


“To achieve their goal, the attackers used a trending penetration method—supply chain,” the researchers said of one of the incidents investigated by the firm. “The group compromised a subsidiary and penetrated the target company’s network through it. Trusted relationship attacks are rare today due to the complexity of their execution. Using this method […], the ChamelGang group was able to achieve its goal and steal data from the compromised network.”

Intrusions by the adversary are believed to have begun at the end of March 2021, with later attacks in August leveraging the ProxyShell chain of vulnerabilities in Microsoft Exchange Server, the technical details of which were first presented at the Black Hat USA 2021 security conference earlier that month.


The March attack is also notable in that the operators breached a subsidiary organization to gain access to an unnamed energy company’s network. They exploited a flaw in Red Hat JBoss Enterprise Application Platform (CVE-2017-12149, an unauthenticated Java deserialization bug in the HTTP invoker) to execute commands remotely on the host and deploy payloads that let them run the malware with elevated privileges, move laterally across the network, and perform reconnaissance, before deploying a backdoor called DoorMe.

“The infected hosts were controlled by the attackers using the public utility FRP (fast reverse proxy), written in Golang,” the researchers said. “This utility allows connecting to a reverse proxy server. The attackers’ requests were routed using the socks5 plugin through the server address obtained from the configuration data.”
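The configuration data the researchers mention is an ordinary frpc.ini: a [common] section naming the frps server and one section per proxy, with a SOCKS5 pivot expressed as a proxy that loads the built-in socks5 plugin. The script below, an added example that is not code from the article or from Positive Technologies, parses such a file recovered from a suspect host and lists the indicators a responder records: the outbound control channel, any SOCKS5 pivot the frps server would expose into the host's network, and plain port forwards. The sample config is constructed; the addresses are from the 203.0.113.0/24 documentation range.

```python
"""Triage of an frpc.ini (fast reverse proxy client) configuration recovered
from a suspect host.  Added example, not code from the article or from
Positive Technologies; the config text below is constructed and uses
documentation addresses (203.0.113.0/24)."""
import configparser
from typing import Any, Dict, List

# Constructed sample in frp's INI format: a [common] section naming the
# frps server, a proxy running the built-in socks5 plugin, and a plain
# TCP forward of the local RDP port.
SAMPLE_FRPC_INI = """\
[common]
server_addr = 203.0.113.10
server_port = 7000
token = s3cr3t

[plugin_socks5]
type = tcp
remote_port = 6005
plugin = socks5
plugin_user = op
plugin_passwd = hunter2

[rdp]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 6001
"""


def parse_frpc_ini(text: str) -> Dict[str, Any]:
    """Return the control endpoint and every proxy the client would register."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    common = cp["common"] if cp.has_section("common") else {}
    info: Dict[str, Any] = {
        # frp's own defaults when the keys are absent
        "server_addr": common.get("server_addr", "0.0.0.0"),
        "server_port": int(common.get("server_port", "7000")),
        "socks5_proxies": [],
        "tcp_forwards": [],
    }
    for name in cp.sections():
        if name == "common":
            continue
        sec = cp[name]
        if sec.get("plugin", "").lower() == "socks5":
            # frps listens on remote_port; whoever reaches it (with the plugin
            # credentials, if any) gets a SOCKS5 proxy *into* this host's
            # network, which is the pivot the article describes.
            info["socks5_proxies"].append({
                "name": name,
                "remote_port": int(sec.get("remote_port", "0")),
                "authenticated": bool(sec.get("plugin_user")),
            })
        elif sec.get("type", "tcp").lower() == "tcp" and "local_port" in sec:
            info["tcp_forwards"].append({
                "name": name,
                "local": f"{sec.get('local_ip', '127.0.0.1')}:{sec['local_port']}",
                "remote_port": int(sec.get("remote_port", "0")),
            })
    return info


def triage(text: str) -> List[str]:
    """Turn the parsed config into the findings a responder would record."""
    info = parse_frpc_ini(text)
    findings = [f"outbound frp control channel to {info['server_addr']}:{info['server_port']}"]
    for p in info["socks5_proxies"]:
        auth = "credentialed" if p["authenticated"] else "UNAUTHENTICATED"
        findings.append(
            f"{auth} SOCKS5 pivot into this host reachable at "
            f"{info['server_addr']}:{p['remote_port']} (proxy '{p['name']}')"
        )
    for f in info["tcp_forwards"]:
        findings.append(
            f"local service {f['local']} published at "
            f"{info['server_addr']}:{f['remote_port']} (proxy '{f['name']}')"
        )
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_FRPC_INI):
        print(line)
```

The server_addr and remote_port values are the ones to block at the egress firewall and to pivot on in NetFlow; the presence of plugin_user/plugin_passwd only tells you whether the attacker bothered to password-protect their own pivot, not that it is safe.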


On the other hand, the August attack against a Russian company in the aviation production sector involved the exploitation of ProxyShell flaws (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) to drop additional web shells and conduct remote reconnaissance on the compromised node, ultimately leading to the installation of a modified version of the DoorMe implant that comes with expanded capabilities to run arbitrary commands and carry out file operations.
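Both initial-access vectors described above, the JBoss invoker flaw used in March and the ProxyShell chain used in August, leave a recognisable trace in ordinary web-server access logs before any web shell or DoorMe implant lands. The script below is an added example, not code from the article or from Positive Technologies: it parses IIS W3C extended logs from an Exchange front end and Apache combined-format logs from a JBoss EAP host and flags the autodiscover path-confusion requests (the "@" in the query that makes the front end proxy the trailing path to the back end, CVE-2021-34473, and the X-Rps-CAT token handed to the PowerShell back end, CVE-2021-34523) and POSTs to the JBoss HTTP invoker (CVE-2017-12149). All log lines are constructed, including the placeholder X-Rps-CAT value.

```python
"""Hunt across web-server access logs for the two initial-access vectors the
article attributes to ChamelGang: the ProxyShell autodiscover path confusion
against Exchange (CVE-2021-34473 / CVE-2021-34523) and POSTs to the JBoss EAP
HTTP invoker (CVE-2017-12149).  Added example; all log lines are constructed.
The Exchange lines use the IIS W3C extended format, the JBoss lines the
Apache combined format."""
import re
from typing import Dict, Iterator, List, Optional
from urllib.parse import unquote

# Constructed IIS W3C log from an Exchange front end (field list trimmed).
IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2021-08-19 03:12:44 GET /owa/auth/logon.aspx - 198.51.100.7 200
2021-08-19 03:13:01 GET /autodiscover/autodiscover.json @test.invalid/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.invalid 198.51.100.7 200
2021-08-19 03:13:05 POST /autodiscover/autodiscover.json @test.invalid/powershell?X-Rps-CAT=AAAA 198.51.100.7 200
2021-08-19 03:14:10 GET /autodiscover/autodiscover.json - 192.0.2.50 401
"""

# Constructed Apache combined-format log from a JBoss EAP host.
JBOSS_LOG = """\
198.51.100.7 - - [22/Mar/2021:11:02:13 +0300] "GET /invoker/readonly HTTP/1.1" 500 1083 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Mar/2021:11:02:15 +0300] "POST /invoker/readonly HTTP/1.1" 500 2214 "-" "Mozilla/5.0"
10.0.0.5 - - [22/Mar/2021:11:05:00 +0300] "GET /app/index.jsf HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
"""

COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)


def classify(method: str, stem: str, query: str) -> Optional[str]:
    """Label one request, or return None if it matches neither vector."""
    full = unquote(f"{stem}?{query}").lower()
    if stem.lower().endswith("/autodiscover/autodiscover.json") and "@" in query:
        # The '@' makes the front end treat what follows as a mailbox address
        # and proxy the trailing path to the back end without authentication.
        if "/powershell" in full and "x-rps-cat" in full:
            return "proxyshell: PowerShell back end reached with X-Rps-CAT token (CVE-2021-34523)"
        if "/mapi/nspi" in full:
            return "proxyshell: autodiscover path confusion probing /mapi/nspi (CVE-2021-34473)"
        return "proxyshell: autodiscover path confusion (CVE-2021-34473)"
    if method.upper() == "POST" and stem.lower().startswith("/invoker/"):
        # The invoker deserialises the POST body; a GET only renders a page.
        return "jboss: POST to HTTP invoker (CVE-2017-12149 deserialisation vector)"
    return None


def parse_w3c(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields: List[str] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split(" ", len(fields) - 1)
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))


def hunt_iis(text: str) -> List[Dict[str, str]]:
    """Flag ProxyShell / invoker requests in an IIS W3C log."""
    hits = []
    for rec in parse_w3c(text):
        query = "" if rec["cs-uri-query"] == "-" else rec["cs-uri-query"]
        tag = classify(rec["cs-method"], rec["cs-uri-stem"], query)
        if tag:
            hits.append({"ip": rec["c-ip"], "time": f"{rec['date']} {rec['time']}", "tag": tag})
    return hits


def hunt_combined(text: str) -> List[Dict[str, str]]:
    """Flag the same requests in an Apache combined-format log."""
    hits = []
    for line in text.splitlines():
        m = COMBINED_RE.match(line)
        if not m:
            continue
        stem, _, query = m["uri"].partition("?")
        tag = classify(m["method"], stem, query)
        if tag:
            hits.append({"ip": m["ip"], "time": m["time"], "tag": tag})
    return hits


if __name__ == "__main__":
    for hit in hunt_iis(IIS_LOG) + hunt_combined(JBOSS_LOG):
        print(f"{hit['time']} {hit['ip']} {hit['tag']}")
```

The checks are request-shape signatures, so a 401 on a plain autodiscover request is ignored and a GET to the invoker is not flagged (the exploit needs the serialized object in a POST body). They will not show the file written through CVE-2021-31207 or the web shell itself; for that, pair the log hits with a review of new .aspx files under the Exchange front-end directories and with the Exchange Management Shell logs around the flagged timestamps.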

“Targeting the fuel and energy complex and aviation industry in Russia isn’t unique — this sector is one of the three most frequently attacked,” Positive Technologies’ Head of Threat Analysis, Denis Kuvshinov, said. “However, the consequences are serious: Most often such attacks lead to financial or data loss—in 84% of all cases last year, the attacks were specifically created to steal data, and that causes major financial and reputational damage.”

Source of this news: https://thehackernews.com/2021/10/a-new-apt-hacking-group-targeting-fuel.html
