The healthcare industry has become increasingly important to a country's overall well-being, especially after the COVID-19 pandemic. Unfortunately, the healthcare sector has also become a target for cybercriminals and Advanced Persistent Threat (APT) groups. These threat actors have been particularly interested in patients' personal information and in confidential information such as vaccine development. One group that has been making such a ruckus is the APT group CamoFei, better known as ChamelGang. CamoFei operated relatively unnoticed for several years. It gained notoriety after PT Security published a report in September 2021 indicating that the group was specifically targeting Russia. Since then, the threat group has started focusing on Taiwan, performing spear-phishing attacks against multiple organizations while carrying out large-scale attacks against multiple Taiwanese healthcare and government agencies. During our presentation, we will analyze CamoFei's Tactics, Techniques, and Procedures (TTPs) and the custom malware CamoFei has developed. We will also present several case studies highlighting the attack methods that CamoFei has employed against various healthcare and governmental organizations. By the end of the talk, healthcare organizations and the other targeted organizations will be able to apply our mitigation and detection methods against these attacks.
Still is a cyber-threat intelligence researcher at TeamT5. They are highly passionate about and active in community discussions on malware and APTs. Still is especially outspoken and loves to teach students how to get started in malware research and reverse engineering. Despite holding a bachelor's degree in English, Still has become one of the core members of the malware research team at TeamT5.
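廖子慶 (DuckLL) is currently a threat intelligence researcher at TeamT5. DuckLL's main research areas include threat intelligence and malware analysis, with related research presented at international conferences such as Black Hat Asia, HITB, and CODE BLUE. An enthusiastic participant in security community activities, DuckLL has served as an instructor for AIS3 and 台灣好厲駭, and is a core member of UCCU Hacker.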