June 26, 2024 at 06:10AM
A China-backed APT group, ChamelGang, has been using ransomware to hide its cyberespionage operations for three years. Recently targeting critical infrastructure in East Asia and India, the group’s tactic aims to provide deniability and cover tracks while exfiltrating data. ChamelGang’s focus on data theft and cyberespionage is attributed to geopolitical tensions and technological competition.
ChamelGang, a likely China-backed advanced persistent threat (APT) group, has been using ransomware to disguise its prolific cyberespionage operations for the past three years. The group has recently targeted critical infrastructure organizations in East Asia and India, including an aviation organization in the Indian subcontinent and the All India Institute of Medical Sciences (AIIMS).
ChamelGang has been using a ransomware tool called CatB to distract from and conceal its cyberespionage activity. The group’s operations are also noteworthy for using ransomware to cover its tracks by destroying evidence of data theft.
The threat actor is primarily focused on targets in the government sector, healthcare, telecommunications, energy, water, and high-tech sectors. The recent focus on East Asia and the Indian subcontinent is believed to be a result of geopolitical tensions, regional rivalries, and a race for technological and economic superiority.
It is also important to note that whether ChamelGang pursues cyberespionage, financially motivated activity such as collecting a ransom, or both depends on its objectives for the targeted organization.
Overall, ChamelGang’s use of ransomware as a disguise for cyberespionage is significant, with potential implications for government and critical infrastructure organizations.