According to a joint investigation by security analysts from SentinelOne and Recorded Future, a significant ransomware campaign targeted government and critical infrastructure between 2021 and 2023, with new details now coming to light.
The attacks occurred in two distinct clusters. The first cluster, attributed to the group ChamelGang (also known as CamoFei), targeted institutions such as India’s All India Institute of Medical Sciences (AIIMS) and the aviation ministry, as well as the Presidency Hall in Brazil in 2022, using the CatB ransomware. The second cluster was launched by a North Korean group dubbed Andariel, apparently linked to APT41.
Initially, suspicions pointed towards known groups like BlackCat and LockBit. However, the sophistication of the CamoFei attack allowed it to evade detection by traditional threat intelligence software, masking its origins effectively.
In the past week, the National Health Laboratory Service of South Africa (NHLS) was hit by a ransomware attack that disrupted the testing of blood samples, right at the time of the Monkeypox (Mpox) outbreak. The attack was sophisticated: the attackers deleted some data sections in the systems, forcing the authorities to rebuild the data from backups. CatB ransomware, first detected by Positive Technologies in 2021, is suspected to be behind the incident, though there is no concrete evidence to prove this yet.
Security experts at SentinelOne suggest that the attackers may have affiliations with state-sponsored groups, possibly seeking financial gains to support broader geopolitical ambitions, including nuclear programs.
Notably, nations facing international sanctions, such as North Korea under Kim Jong Un’s leadership, have shown interest in using cyber operations to generate revenue despite global efforts to curb such activities. Western nations like the UK and USA continue to impose sanctions and press for cybersecurity measures to counter such threats, highlighting ongoing tensions over cyber warfare and financial exploitation.