In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, Kaspersky began tracking it, and published three reports in August and September 2024 through their threat research subscription on the threat actor they named Awaken Likho (also named by other vendors as Core Werewolf).
While investigating the activity of this APT group, Kaspersky researchers discovered a new campaign that began in June 2024 and continued at least until August. Analysis of the campaign revealed that the attackers had significantly changed the software they used in their attacks. The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems. The group remains focused on targeting Russian government organizations and enterprises.
Read more…
Source: kaspersky
Related:
- Russia-Linked Sofacy Debuts Fresh Zebrocy Malware Variant
December 18, 2018
The group continues to evolve its custom malware in an effort to evade detection. The Zebrocy trojan – a custom downloader malware used by Russia-linked APT Sofacy (a.k.a. APT28, Fancy Bear or Sednit) – has a new variant. While it’s functionally much the same as its other versions, the new code was written using the Go ...
- Charming Kitten Iranian Espionage Campaign Thwarts 2FA
December 17, 2018
The campaign targets politicians involved in economic and military sanctions against Iran, along with various journalists and human rights activists. A range of political and civil society targets are under fire in an APT attack dubbed the Return of Charming Kitten. The campaign has been tailored to get around two-factor authentication in order to compromise email ...
- Fileless GandCrab As Seen by SandBlast Agent
December 17, 2018
January 2018 saw the debut of the GandCrab ransomware, a well-known malware that is distributed on the Dark Web which targets mainly Scandinavian and English-speaking countries. In addition, the GandCrab Affiliate Program offers low skilled threat actors the opportunity to run their own ransomware campaigns. Delivered mainly through email spam engines, affiliates are also provided with advice and ...
- Cybercriminals Use Malicious Memes that Communicate with Malware
December 14, 2018
Steganography, or the method used to conceal a malicious payload inside an image to evade security solutions, has long been used by cybercriminals to spread malware and perform other malicious operations. We recently discovered malicious actors using this technique on memes. The malware authors have posted two tweets featuring malicious memes on October 25 and 26 ...
- Electric Vehicle Charging Stations Open to IoT Attacks
December 14, 2018
Flaws could allow an attacker to stop or start a home charging station, or even change the current in order to start a fire. Given that creating proof-of-concept (PoC) cyberattacks for the Internet of Things (IoT) is essentially like shooting fish in a barrel these days, perhaps it’s not exactly surprising that a new niche category ...
- LCG Kit: Sophisticated builder for Malicious Microsoft Office Documents
December 13, 2018
Proofpoint researchers discovered “LCG Kit,” a weaponized document builder service, in March 2018. Since we began tracking LCG Kit, we have observed it using the Microsoft Equation Editor CVE-2017-11882 , which has been used used in limited email campaigns. ...