In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, Kaspersky began tracking it, and published three reports in August and September 2024 through their threat research subscription on the threat actor they named Awaken Likho (also named by other vendors as Core Werewolf).
While investigating the activity of this APT group, Kaspersky researchers discovered a new campaign that began in June 2024 and continued at least until August. Analysis of the campaign revealed that the attackers had significantly changed the software they used in their attacks. The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems. The group remains focused on targeting Russian government organizations and enterprises.
Read more…
Source: kaspersky
Related:
- New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data
November 3, 2018
A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled. The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other dangerous side-channel vulnerabilities ...
- Researchers find Stuxnet, Mirai, WannaCry lurking in industrial USB drives
November 1, 2018
Removal storage and USB thumb drives are a serious security incident waiting to happen, new research suggests. When we consider threats to our industrial systems, specifically crafted malware, such as the Industroyer strain which cut off the power to the city of Kiev in Ukraine for an hour, often comes to mind. Industrial players have a problem. Many ...
- Two Zero-Day Bugs Open Millions of Wireless Access Points to Attack
November 1, 2018
Two zero-day vulnerabilities in Bluetooth Low-Energy chips made by Texas Instruments (and used in millions of wireless access points) open corporate networks to crippling stealth attacks. Adversaries can exploit the bugs by simply being approximately 100 to 300 feet from the vulnerable devices. A compromised access point can then lead to an attacker taking control of ...
- Utilities, Energy Sector Attacked Mainly Via IT, Not ICS
November 1, 2018
Stealing administrative credentials to carry out months-long spy campaigns is a top threat. While industrial control systems (ICS) are the most talked-about when it comes to cyberattacks against energy and utilities firms, most attacks actually take aim at the enterprise IT networks used by these organizations, rather than critical infrastructure itself. The Vectra 2018 Spotlight Report on Energy and ...
- New Stuxnet Variant Allegedly Struck Iran
October 31, 2018
A malware similar in nature to Stuxnet but more aggressive and sophisticated allegedly hit the infrastructure and strategic networks in Iran. Details about the supposed new attack are superficial at the moment, as there are no details about the supposed attack, the damage it caused or its targets. A report on Wednesday from Israeli evening news bulletin ...
- Emotet malware gang is mass-harvesting millions of emails in mysterious campaign
October 31, 2018
A notorious malware family that has been on a resurgent path since last year has received a major update this week that will send shivers down any organization’s back. According to a report from Kryptos Logic shared earlier today with ZDNet, the Emotet malware family has started mass-harvesting full email messages from infected victims, starting yesterday. The Emotet group ...