In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, Kaspersky began tracking it, and published three reports in August and September 2024 through their threat research subscription on the threat actor they named Awaken Likho (also named by other vendors as Core Werewolf).
While investigating the activity of this APT group, Kaspersky researchers discovered a new campaign that began in June 2024 and continued at least until August. Analysis of the campaign revealed that the attackers had significantly changed the software they used in their attacks. The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems. The group remains focused on targeting Russian government organizations and enterprises.
Read more…
Source: kaspersky
Related:
- macOS users targeted by new Lazarus attack
August 23, 2018
If you’re into cryptocurrency trading, you might want to pay attention, because a new malware is making rounds that’s stealing people’s money from crypto exchanges. And no, macOS is not safe either, there’s a version for Apple’s operating system, as well. Kaspersky Lab’s researchers from the Global Research and Analysis Team (GReAT) announced they discovered malware dubbed AppleJeus. In ...
- AdvisorsBot Downloader Emerges in Raft of Malware Campaigns
August 23, 2018
A tricky downloader has hit the scene in a series of campaigns targeting restaurants, hotels and telecommunications companies. A new downloader was disclosed today, sporting significant anti-analysis features and increasingly sophisticated distribution techniques. Researchers at Proofpoint have been tracking the downloader as a first-stage payload in campaigns since May 2018. Dubbed AdvisorsBot (due to early command-and-control domains, ...
- New Attack Recovers RSA Encryption Keys from EM Waves Within Seconds
August 22, 2018
A research paper presented at the Usenix security conference last week detailed a new technique for retrieving encryption keys from electronic devices, a method that is much faster than all previously known techniques. The approach relies on recording electromagnetic (EM) emanations coming off a device as it performs an encryption or decryption operation. Read more… Source: Bleeping Computer
- New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers
August 22, 2018
Semmle security researcher Man Yue Mo has disclosed a critical remote code execution vulnerability in the popular Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. Apache Struts is an open source framework for developing web applications in the Java programming language and is widely used by enterprises globally, ...
- Retro tech leaves NHS open to cyber-attacks, say researchers
August 20, 2018
Hackers could gain access to NHS networks by exploiting vulnerabilities in fax machines, security researchers have suggested. Staff at Check Point Software discovered exploits in widely-used fax machines that enable hackers to spread malware through a malicious image file. Malware can be coded into the image file which, when decoded by the fax machine and uploaded to its ...
- Cyber security threat to Britain’s oil and gas sites as attack could cause ‘unprecedented damage’
August 17, 2018
Brian Lord OBE says a successful attack on its infrastructure could cause “unprecedented damage” and “unrest across the world”. With a complex ecosystem of computation, networking, and physical operational processes spread around the world the industry has a large attack surface with many attack vectors. A typical large oil and gas company uses half a million processors ...