Chamelgang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware

June 26, 2024, 5:55 p.m.

Tags
ransomware
cobalt strike
icedid
bitlocker
2024-06-26
china chopper
wiper
conti
chamelgang
bestcrypt
beaconloader
silver sparrow
External References
Description

In collaboration with Recorded Future, SentinelLabs has been tracking two distinct activity clusters targeting government and critical infrastructure sectors globally between 2021 and 2023.

Date

Published: June 26, 2024, 5:32 p.m.

Created: June 26, 2024, 5:32 p.m.

Modified: June 26, 2024, 5:55 p.m.

Indicators

cf2b73f77761f4441f9c31512d58709f5d9d59eef6514857a5e37b8c4e956c3a

8679c9e96394c39fa5eeb277a7e28313ef502be5d8401c43fa9955820962add0

806761850d19f0cc9f41618e74db471e85c494e952f900f827c1779f2d1c4d31

7604e9ecedf298907e537e50b9c74006640561b32265c3ebba38e587166f67ab

49292dd838429bcf4aaf77ff6960156edaf1ec094ee4e6b9863c5d5fc9d32279

9990388776daa57d2b06488f9e2209e35ef738fd0be1253be4c22a3ab7c3e1e2

bc1qakuel0s4nyge9rxjylsqdxnn9nvyhc2z6k27gz

185.225.19.61

Download all indicators here!

Attack Patterns

ChamelGang

T1022

T1574.001

T1112

Additional Informations

Government

Critical Infrastructure