Russian government agencies and industrial entities

The Awaken Likho APT group, also known as Core Werewolf and PseudoGamaredon, launched a targeted campaign using a new implant to infiltrate Russian government entities and enterprises. This campaign utilized phishing emails with malicious URLs to distribute the MeshAgent tool, enabling remote system control. An SFX archive concealed the attack by displaying a decoy document while setting up the MeshAgent to maintain a persistent connection with the attackers' server. This allowed for continuous remote access, compromising the integrity of the targeted systems. The attack underscores the evolving threat tactics and sophistication of the APT group.

Source: https://securityaffairs.com/169563/apt/awaken-likho-apt-group-target-russia.html

TPRM report: https://scoringcyber.rankiteo.com/company/defense-security-cooperation-agency

"id": "def000101524",
"linkid": "defense-security-cooperation-agency",
"type": "Cyber Attack",
"date": "10/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'location': 'Russia',
                        'type': ['Government', 'Enterprise']}],
 'attack_vector': 'Phishing emails with malicious URLs',
 'description': 'The Awaken Likho APT group, also known as Core Werewolf and '
                'PseudoGamaredon, launched a targeted campaign using a new '
                'implant to infiltrate Russian government entities and '
                'enterprises. This campaign utilized phishing emails with '
                'malicious URLs to distribute the MeshAgent tool, enabling '
                'remote system control. An SFX archive concealed the attack by '
                'displaying a decoy document while setting up the MeshAgent to '
                "maintain a persistent connection with the attackers' server. "
                'This allowed for continuous remote access, compromising the '
                'integrity of the targeted systems. The attack underscores the '
                'evolving threat tactics and sophistication of the APT group.',
 'impact': {'operational_impact': 'Compromised integrity of targeted systems'},
 'initial_access_broker': {'entry_point': 'Phishing emails with malicious '
                                          'URLs'},
 'threat_actor': ['Awaken Likho APT Group', 'Core Werewolf', 'PseudoGamaredon'],
 'title': 'Awaken Likho APT Group Campaign',
 'type': 'Phishing'}