
Unmasking CamoFei: An Analysis of an Emerging APT Group Focused on Healthcare Sectors in East Asia


The healthcare industry has become increasingly important to a country’s overall well-being, especially after the COVID-19 pandemic. Unfortunately, the healthcare sector has also become a target for cybercriminals and Advanced Persistent Threat (APT) groups. These threat actors are particularly interested in patients’ personal information and in confidential information such as vaccine development. One group that has been causing a stir is the APT group CamoFei, better known as Chamelgang.

CamoFei operated relatively unnoticed for several years. It gained notoriety after PT Security published a report in September 2021 indicating that the group was specifically targeting Russia and Japan. Since then, the threat group has started focusing on Taiwan, performing spear-phishing attacks against multiple organizations while carrying out large-scale attacks against multiple Taiwanese healthcare and government agencies.

During our presentation, we will analyze CamoFei’s Tactics, Techniques, and Procedures (TTPs) and the custom malware CamoFei has developed. We will also present several case studies highlighting the attack methods that CamoFei has employed against various healthcare and governmental organizations. By the end of the talk, healthcare organizations and all other targeted organizations will be able to apply our mitigation and detection methods against these attacks.

Still Hsu

Taipei, Taiwan
