216.73.216.86

Analyzing the Awaken Likho APT group implant: new tools and techniques

· Published 07/10/2024 10:46 · Modified 07/10/2024 13:03

Export JSON

Essential information

Published
07/10/2024 10:46
Modified
07/10/2024 13:03
Tags
2024-10-07 apt meshagent meshcentral phishing
Related entities
1 intrusion sets (apt), 8 techniques (mitre), 1 malware, 3 others

Description

A new campaign by the Awaken Likho group targeting Russian government agencies and industrial enterprises was discovered in June 2024. The group has significantly changed its attack methods, now preferring the platform agent instead of UltraVNC for remote access. The implant is delivered via malicious URLs, likely through emails. The new implant uses a self-extracting archive containing multiple files, including a executable and various command scripts. These components work together to establish persistence and maintain connection with the attackers' command and control server. The group's focus remains on Russian targets, and their tactics continue to evolve.

External references