The threat actor known asChamelGanghas been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor’s capabilities. The malware, dubbedChamelDoHby Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling. ChamelGang wasfirst outedby Russian cybersecurity firm Positive Technologies in September 2021,