In Q2 2021, the PT Expert Security Center incident response team conducted an investigation in an energy company. The investigation revealed that the company's network had been compromised by an unknown group for the purpose of data theft. We gave the group the name ChamelGang (from the word "chameleon"), because the group disguised its malware and network infrastructure under legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google. They acquired domains that imitate legitimate ones (,, ,, ). In addition, the APT group placed SSL certificates that also imitated legitimate ones (,, ) on its servers. To achieve their goal, the attackers used a trending penetration method: supply chain. The group compromised a subsidiary and penetrated the target company's network through it.

After investigating the first incident, on August 16, 2021, as part of threat intelligence of the newly discovered group, PT ESC specialists detected another successful attack (server compromise), identified a new victim, and notified the affected organization. This time, the criminals attacked a Russian company from the aviation production sector, and used a chain of ProxyShell vulnerabilities for penetration. To achieve their goals, the attackers used such well-known malicious programs as FRP, Cobalt Strike Beacon, and Tiny shell. They also used new, previously unknown malware (for example, ProxyT, BeaconLoader, and DoorMe backdoor).

Despite the fact that we managed to conduct two successful investigations, we could not unequivocally attribute the attackers to any of the known APT groups.