The Awaken Likho APT group, also known as Core Werewolf and PseudoGamaredon, launched a targeted campaign using a new implant to infiltrate Russian government entities and enterprises. The campaign used phishing emails carrying malicious URLs to deliver MeshAgent, the agent component of the open-source MeshCentral remote-management platform, which gives the operators full remote control of the host. A self-extracting (SFX) archive concealed the installation: it displayed a decoy document to the victim while silently setting up MeshAgent to maintain a persistent connection to the attackers' server. Because MeshAgent is legitimate administration software, an unauthorised instance blends in with sanctioned remote-management activity, and the result was continuous remote access that compromised the integrity of the targeted systems. The attack underscores the group's evolving tactics and growing sophistication.
Source: https://securityaffairs.com/169563/apt/awaken-likho-apt-group-target-russia.html
TPRM report: https://scoringcyber.rankiteo.com/company/defense-security-cooperation-agency
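The chain above (SFX archive from a download, decoy document shown to the user, MeshAgent dropped and beaconing out) can be hunted for in endpoint telemetry. The following script is an added example written for this record, not code from the Securityaffairs or Kaspersky reporting and not part of the Rankiteo record. It runs over constructed, simplified process-creation and network events; the pipe-separated field layout, the workstation names, the file name of the lure executable, the IP 203.0.113.7 and the allow-list of sanctioned MeshCentral servers are all assumptions. The security-relevant point it encodes is that MeshAgent itself is legitimate software, so the detection keys on how it was spawned and where it connects rather than on its presence alone.

```python
"""Hunt for an unauthorised MeshAgent install delivered by a decoy-bearing SFX.

Added example, not code from the original reporting. Event format, hostnames,
file names, the IP address and the sanctioned-server list are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Assumption: the organisation's own MeshCentral server(s). A MeshAgent that
# talks to anything else is remote access the organisation did not sanction.
SANCTIONED_MESH_SERVERS = {"mesh.corp.example"}

# Directories from which a phishing-delivered SFX archive would typically run.
USER_WRITABLE_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\temp\\")

# Viewers an SFX would launch to render the decoy document.
DECOY_VIEWERS = {"winword.exe", "excel.exe", "acrord32.exe", "wordpad.exe"}

# Constructed sample telemetry: kind|host|image|parent_image|dest_host
# ws01 mirrors the described chain; ws02 is a sanctioned MeshAgent install.
SAMPLE_EVENTS = [
    r"proc|ws01|C:\Users\ivanov\Downloads\Prikaz_2024.exe|C:\Program Files\Mozilla Firefox\firefox.exe|",
    r"proc|ws01|C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|C:\Users\ivanov\Downloads\Prikaz_2024.exe|",
    r"proc|ws01|C:\Users\ivanov\AppData\Local\Temp\MeshAgent.exe|C:\Users\ivanov\Downloads\Prikaz_2024.exe|",
    r"net|ws01|C:\Users\ivanov\AppData\Local\Temp\MeshAgent.exe||203.0.113.7",
    r"proc|ws02|C:\Program Files\Mesh Agent\MeshAgent.exe|C:\Windows\System32\services.exe|",
    r"net|ws02|C:\Program Files\Mesh Agent\MeshAgent.exe||mesh.corp.example",
]


@dataclass
class Event:
    kind: str    # "proc" (process creation) or "net" (outbound connection)
    host: str
    image: str   # full path of the process image
    parent: str  # parent image path for proc events, empty for net events
    dest: str    # destination host for net events, empty for proc events


def parse_line(line: str) -> Event:
    kind, host, image, parent, dest = line.split("|")
    return Event(kind, host, image, parent, dest)


def basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def in_user_writable_dir(path: str) -> bool:
    lowered = path.lower()
    return any(d in lowered for d in USER_WRITABLE_DIRS)


def analyze(lines):
    """Return {host: sorted list of finding tags} for hosts showing the pattern."""
    events = [parse_line(l) for l in lines if l.strip()]
    findings = defaultdict(set)

    # Group child process names by (host, parent image) so one SFX parent can be
    # checked for having spawned both the decoy viewer and the agent.
    children = defaultdict(set)
    for e in events:
        if e.kind == "proc":
            children[(e.host, e.parent)].add(basename(e.image))

    for (host, parent), kids in children.items():
        if not in_user_writable_dir(parent):
            continue  # a service-installed agent has a system parent; skip it
        dropped_agent = any("meshagent" in k for k in kids)
        opened_decoy = bool(kids & DECOY_VIEWERS)
        if dropped_agent:
            findings[host].add("meshagent_spawned_from_user_writable_path")
        if dropped_agent and opened_decoy:
            findings[host].add("decoy_document_plus_meshagent")

    # Presence of MeshAgent is not a finding by itself; beaconing to a server the
    # organisation does not operate is.
    for e in events:
        if (e.kind == "net" and "meshagent" in basename(e.image)
                and e.dest.lower() not in SANCTIONED_MESH_SERVERS):
            findings[e.host].add("meshagent_to_unsanctioned_server:" + e.dest)

    return {h: sorted(f) for h, f in findings.items()}


if __name__ == "__main__":
    for host, tags in analyze(SAMPLE_EVENTS).items():
        print(host, tags)
```

On the constructed data only ws01 is reported, with all three tags; ws02, whose agent was installed as a service and talks to the sanctioned server, produces nothing. In a real deployment the parent-path and viewer lists need tuning to the environment, and the allow-list must be kept in step with the MeshCentral servers the organisation actually runs.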
"id": "def000101524",
"linkid": "defense-security-cooperation-agency",
"type": "Cyber Attack",
"date": "10/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'location': 'Russia',
'type': ['Government', 'Enterprise']}],
'attack_vector': 'Phishing emails with malicious URLs',
'description': 'The Awaken Likho APT group, also known as Core Werewolf and '
'PseudoGamaredon, launched a targeted campaign using a new '
'implant to infiltrate Russian government entities and '
'enterprises. This campaign utilized phishing emails with '
'malicious URLs to distribute the MeshAgent tool, enabling '
'remote system control. An SFX archive concealed the attack by '
'displaying a decoy document while setting up the MeshAgent to '
"maintain a persistent connection with the attackers' server. "
'This allowed for continuous remote access, compromising the '
'integrity of the targeted systems. The attack underscores the '
'evolving threat tactics and sophistication of the APT group.',
'impact': {'operational_impact': 'Compromised integrity of targeted systems'},
'initial_access_broker': {'entry_point': 'Phishing emails with malicious '
'URLs'},
'threat_actor': ['Awaken Likho APT Group', 'Core Werewolf', 'PseudoGamaredon'],
'title': 'Awaken Likho APT Group Campaign',
'type': 'Phishing'}