Lumma Stealer spread by reemergent Angry Likho APT

High-profile organizations in Russia and Belarus have been mainly subjected to attacks with the Lumma Stealer malware conducted by the returning Angry Likho APT as part of a campaign that also targeted other countries, Hackread reports.

Angry Likho, also known as Sticky Werewolf, commenced intrusions against government agencies, contractors, and other major organizations with the delivery of spear-phishing emails with malicious RAR attachments that triggered compromise with Lumma Stealer, which facilitated the exfiltration of system data, software information, personal details, browser-stored data, and cryptocurrency wallets, according to an analysis from Kaspersky.

Additional findings revealed the deployment of Lumma Stealer through the novel FrameworkSurvivor.exe self-extracting archive developed with the Nullsoft Scriptable Install System.

Such a development comes after Angry Likho was reported by Russian cybersecurity company F6 to have leveraged image files, new command servers, and more than 60 implants in its new attacks, indicating the APT's move toward increasingly covert operations.