The Awaken Likho APT group, also known as Core Werewolf and PseudoGamaredon, launched a targeted campaign using a new implant to infiltrate Russian government entities and enterprises. This campaign utilized phishing emails with malicious URLs to distribute the MeshAgent tool, enabling remote system control. An SFX archive concealed the attack by displaying a decoy document while setting up the MeshAgent to maintain a persistent connection with the attackers' server. This allowed for continuous remote access, compromising the integrity of the targeted systems. The attack underscores the evolving threat tactics and sophistication of the APT group.
Source: https://securityaffairs.com/169563/apt/awaken-likho-apt-group-target-russia.html
"id": "def000101524",
"linkid": "defense-security-cooperation-agency",
"type": "Cyber Attack",
"date": "10/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"