[threat-actors] Add Chamelgang

2024-11-22 23:07:19 +00:00 · 2023-03-01 15:40:23 -08:00 · 2023-03-01 15:40:23 -08:00 · fa57354471
commit fa57354471
parent bff978e4d1
1 changed files with 38 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -10405,6 +10405,44 @@
      ],
      "uuid": "c1d44f44-425e-48fd-b78b-84b988da8bc3",
      "value": "TA453"
+    },
+    {
+      "description": "In Q2 2021, the PT Expert Security Center incident response team conducted an investigation in an energy company. The investigation revealed that the company's network had been compromised by an unknown group for the purpose of data theft. They gave the group the name ChamelGang (from the word \"chameleon\"), because the group disguised its malware and network infrastructure under legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google.",
+      "meta": {
+        "cfr-suspected-victims": [
+          "India",
+          "Japan",
+          "Nepal",
+          "Russia",
+          "Taiwan",
+          "US"
+        ],
+        "cfr-target-category": [
+          "Aviation",
+          "Energy"
+        ],
+        "references": [
+          "https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "b91e1d34-cabd-404f-84d2-51a4f9840ffb",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "1a1d3ea4-972e-4c48-8d85-08d9db8f1550",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        }
+      ],
+      "uuid": "eafdd27f-a3e2-4bb1-ae03-bf9ca5ff0355",
+      "value": "Chamelgang"
    }
  ],
  "version": 260