Threat Intelligence, Malware

Awaken Likho APT leverages new tools in recent attacks against Russia


The advanced persistent threat group Awaken Likho, also tracked as PseudoGamaredon and Core Werewolf, has used more advanced tools in intrusions against Russian government agencies, their contractors, and the country's industrial organizations in a campaign that ran from June to August, The Hacker News reports.

In the new intrusions the group delivers a 7-Zip self-extracting archive that runs an AutoIT script, which unpacks and launches the MeshAgent remote management tool; MeshAgent then gives the attackers control of the compromised host. That is a change from the group's earlier attacks, which mostly distributed UltraVNC through executables disguised as Microsoft Word and PDF documents, according to a report from Kaspersky. "These actions allow the APT to persist in the system: the attackers create a scheduled task that runs a command file, which, in turn, launches MeshAgent to establish a connection with the MeshCentral server," Kaspersky said.
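One way to hunt for the persistence chain Kaspersky describes (a scheduled task whose action is a command file that launches MeshAgent) is to parse each task's XML export and inspect the batch file it points at. The Python below is an added example, not code from Kaspersky's report or from the attackers' toolkit; the task names, file paths and batch contents are constructed for the demo, and the assumption that the command file names the MeshAgent binary or its .msh settings file is the indicator it looks for.

```python
"""Hunt for scheduled tasks whose action is a command file that launches MeshAgent.

Added example, not code from Kaspersky's report or from the attackers' toolkit.
Input is the XML that `schtasks /query /tn <name> /xml` produces for each task,
plus a callable that returns the text of a command file by path, so the logic
can run against exported artifacts offline.  All paths, task names and batch
contents below are constructed for the demo.
"""
import ntpath
import re
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List, Optional

TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SCRIPT_EXTS = (".cmd", ".bat")
# Assumption: the command file names the MeshAgent binary or its .msh settings file.
MESH_RE = re.compile(r"meshagent(?:\.exe|\.msh)?", re.IGNORECASE)
# schtasks exports declare encoding="UTF-16"; once the text is already decoded,
# ElementTree rejects that declaration, so drop it before parsing.
XML_DECL_RE = re.compile(r"^\s*<\?xml[^>]*\?>")


def task_exec_actions(task_xml: str) -> List[Dict[str, str]]:
    """Return every <Exec> action of a task as {"command", "arguments"}."""
    root = ET.fromstring(XML_DECL_RE.sub("", task_xml, count=1))
    actions = []
    for ex in root.findall(".//t:Actions/t:Exec", TASK_NS):
        cmd = ex.findtext("t:Command", default="", namespaces=TASK_NS) or ""
        args = ex.findtext("t:Arguments", default="", namespaces=TASK_NS) or ""
        actions.append({"command": cmd.strip().strip('"'), "arguments": args.strip()})
    return actions


def command_file_path(action: Dict[str, str]) -> Optional[str]:
    """Return the .cmd/.bat the action runs, directly or via `cmd.exe /c`, else None."""
    cmd = action["command"]
    if cmd.lower().endswith(SCRIPT_EXTS):
        return cmd
    if ntpath.basename(cmd).lower() in ("cmd.exe", "cmd"):
        m = re.search(r'"([^"]+\.(?:cmd|bat))"|(\S+\.(?:cmd|bat))',
                      action["arguments"], re.IGNORECASE)
        if m:
            return m.group(1) or m.group(2)
    return None


def hunt_task(task_xml: str, read_file: Callable[[str], Optional[str]]) -> List[str]:
    """Return one finding per command-file action whose contents reference MeshAgent."""
    findings = []
    for action in task_exec_actions(task_xml):
        path = command_file_path(action)
        if path is None:
            continue  # not a command file; out of scope for this hunt
        body = read_file(path)
        if body is None:
            continue  # file already gone; nothing to inspect
        hits = sorted({h.lower() for h in MESH_RE.findall(body)})
        if hits:
            findings.append(f"{path} launches {', '.join(hits)}")
    return findings


# --- constructed sample artifacts -------------------------------------------
_TASK_TEMPLATE = """<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>{command}</Command>
      <Arguments>{arguments}</Arguments>
    </Exec>
  </Actions>
</Task>"""

SAMPLE_TASKS = {
    # persistence task in the shape the report describes: task -> .cmd -> MeshAgent
    "updater": _TASK_TEMPLATE.format(
        command=r"C:\Users\Public\Libraries\update.cmd", arguments=""),
    # ordinary admin task that also runs a batch file, to show it is not flagged
    "backup": _TASK_TEMPLATE.format(
        command=r"C:\Windows\System32\cmd.exe",
        arguments=r'/c "C:\Scripts\backup.bat"'),
}

SAMPLE_FILES = {
    r"C:\Users\Public\Libraries\update.cmd":
        '@echo off\r\nstart "" "C:\\ProgramData\\NetworkService\\MeshAgent.exe"\r\n',
    r"C:\Scripts\backup.bat":
        "@echo off\r\nrobocopy D:\\data E:\\backup /MIR\r\n",
}


def run_demo() -> Dict[str, List[str]]:
    """Hunt every sample task; a real run would loop over `schtasks` exports instead."""
    return {name: hunt_task(xml, SAMPLE_FILES.get) for name, xml in SAMPLE_TASKS.items()}


if __name__ == "__main__":
    for name, findings in run_demo().items():
        print(f"{name}: {findings or 'clean'}")
```

On a live host, replace `SAMPLE_TASKS` with the output of `schtasks /query /tn <task> /xml` for each task and `SAMPLE_FILES.get` with a function that reads the file from disk; the hunt deliberately ignores tasks that run ordinary executables, since the report's chain runs through a command file.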
