Russian government agencies and industrial entities

Russian government agencies and industrial entities were targeted by the APT group Awaken Likho, which deployed a new implant, delivered via phishing, for remote system control. The attackers established persistent access through scheduled tasks and used the MeshCentral platform, suggesting potential access to sensitive state-operated infrastructure, with risks of espionage, data exfiltration, or operational disruption. The extent of the damage and loss, including whether confidential information was compromised, is not specified. Continuing attacks by the group indicate an ongoing threat to these entities.

Source: https://securityaffairs.com/169563/apt/awaken-likho-apt-group-target-russia.html

TPRM report: https://scoringcyber.rankiteo.com/company/bureau-of-industry-and-security-u-s-department-of-commerce

"id": "bur001102424",
"linkid": "bureau-of-industry-and-security-u-s-department-of-commerce",
"type": "Breach",
"date": "10/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'location': 'Russia',
                        'type': ['government agencies',
                                 'industrial entities']}],
 'attack_vector': ['phishing', 'scheduled tasks', 'MeshCentral platform'],
 'description': 'The Russian government agencies and industrial entities were '
                'targeted by the APT group Awaken Likho, resulting in the '
                'deployment of a new implant delivered via phishing for remote '
                'system control. The attackers established persistent access '
                'through scheduled tasks and utilized the MeshCentral '
                'platform, suggesting potential access to sensitive '
                'state-operated infrastructure, with risks of espionage, data '
                'exfiltration, or operational disruption. The extent of the '
                'damage and loss, including whether confidential information '
                'was compromised, is not specified. Continuing attacks by the '
                'group indicate an ongoing threat to these entities.',
 'initial_access_broker': {'entry_point': 'phishing'},
 'motivation': ['espionage', 'data exfiltration', 'operational disruption'],
 'threat_actor': 'Awaken Likho',
 'title': 'Awaken Likho APT Group Targets Russian Government Agencies and '
          'Industrial Entities',
 'type': 'APT'}