New Arsenal: LAMEHUG, the First AI-Powered Malware

APT28, a Russian threat group, has developed LAMEHUG, a Python-based malware that utilizes AI to generate and execute system commands. This malware, targeting Ukraine's security and defense sector, begins with a phishing email containing a malicious attachment. LAMEHUG employs the Qwen 2.5-Coder-32B-Instruct model via Hugging Face API to translate text instructions into system commands. It performs system reconnaissance, data theft, and exfiltration using AI-generated commands. The malware collects system information, searches for documents, and exfiltrates data via SFTP or HTTP POST requests. Multiple variants of LAMEHUG have been identified, each with different data exfiltration methods. This marks a significant evolution in malware capabilities, incorporating large language models to enhance attack flexibility and sophistication.

Pulse ID: 68948bfb370ac711edbb5278
Pulse Link: https://otx.alienvault.com/pulse/68948bfb370ac711edbb5278
Pulse Author: AlienVault
Created: 2025-08-07 11:20:27

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Cato CTRL™ Threat Research: Analyzing LAMEHUG | Cato Networks

"First Known LLM-Powered Malware with Links to APT28 (Fancy Bear)"

https://www.catonetworks.com/blog/cato-ctrl-threat-research-analyzing-lamehug/

UAC-0001 (APT28) Attack Detection: The russia-Backed Actor Uses LLM-Powered LAMEHUG Malware to Target Security and Defense Sector  – Source: socprime.com https://ciso2ciso.com/uac-0001-apt28-attack-detection-the-russia-backed-actor-uses-llm-powered-lamehug-malware-to-target-security-and-defense-sector-source-socprime-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Latestthreats #socprimecom #Phishing #socprime #CERT-UA #CERTUA #APT28 #Blog

LameHug: first #AI-Powered #malware linked to #Russia’s #APT28
https://securityaffairs.com/180092/hacking/lamehug-first-ai-powered-malware-linked-to-russias-apt28.html
#securityaffairs #hacking #Ukraine

Russian APT Hits Ukrainian Government With New Malware via Signal https://www.securityweek.com/russian-apt-hits-ukrainian-government-with-new-malware-via-signal/ #Malware&Threats #NationState #malware #Ukraine #Russia #Signal #APT28

Russian APT Hits Ukrainian Government With New Malware via Signal https://www.securityweek.com/russian-apt-hits-ukrainian-government-with-new-malware-via-signal/ #Malware&Threats #NationState #malware #Ukraine #Russia #Signal #APT28

UAC-0001 (APT28) Activity Detection: The russian State-Sponsored Group Targets Government Agencies Using BEARDSHELL and COVENANT Malware – Source: socprime.com https://ciso2ciso.com/uac-0001-apt28-activity-detection-the-russian-state-sponsored-group-targets-government-agencies-using-beardshell-and-covenant-malware-source-socprime-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Latestthreats #socprimecom #BEARDSHELL #COVENANT #socprime #CERT-UA #CERTUA #APT28 #Blog

#APT28 hackers use #Signal chats to launch new #malware attacks on #Ukraine

https://www.bleepingcomputer.com/news/security/apt28-hackers-use-signal-chats-to-launch-new-malware-attacks-on-ukraine/

Russia-linked APT28 use Signal chats to target Ukraine official with malware – Source: securityaffairs.com https://ciso2ciso.com/russia-linked-apt28-use-signal-chats-to-target-ukraine-official-with-malware-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #Cyberwarfare #Intelligence #SecurityNews #hacking #Malware #ukraine #Russia #APT28

#Russia-linked #APT28 use #Signal chats to target Ukraine official with #malware
https://securityaffairs.com/179288/apt/russia-linked-apt28-use-signal-chats-to-target-ukraine-official-with-malware.html
#securityaffairs #hacking

Ukrainian Government Systems Targeted With Backdoors Hidden in Cloud APIs and Docs https://thecyberexpress.com/ukrainian-government-systems-targeted/ #UkrainianGovernmentSystems #TheCyberExpressNews #TheCyberExpress #FirewallDaily #CyberWarfare #MalwareNews #CyberNews #Espionage #FancyBear #Phishing #CERTUA #Russia #Signal #APT28 #APT28 #ICS

Russian hackers breach orgs to track aid routes to Ukraine

A Russian state-sponsored cyberespionage campaign attributed to APT28 hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine.

The hackers targeted entities in the defense, transportation, IT services, air traffic, and maritime sectors in 12 European countries and the United States.

#APT28 #russia #Ukraine #security #cybersecurity #hackers #hacking

https://www.bleepingcomputer.com/news/security/russian-hackers-breach-orgs-to-track-aid-routes-to-ukraine/

Aktuelle Warnung vor Cyberangriffen auf den Logistik- und #Technologiesektor: Das BfV, das #BSI und der BND warnen aktuell vor Cyberangriffen, um #KRITIS auszuspionieren.

Verantwortlich für die Angriffe ist die Einheit 26165 des russischen Militärgeheimdienstes GRU und die dazugehörige Cybergruppierung #APT28, die sich beispielsweise mittels Spear-Phishing und Brute-Force-Angriffen unbefugten Zugriff auf die IT-Infrastruktur verschaffen.

https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/wirtschafts-wissenschaftsschutz/2025-05-21-jcsa.pdf #cybersecurity

#Russia-linked #APT28 targets western logistics entities and technology firms
https://securityaffairs.com/178165/apt/russia-linked-apt28-targets-western-logistics-entities-and-technology-firms.html
#securityaffairs #hacking

CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine – Source: www.securityweek.com https://ciso2ciso.com/cisa-says-russian-hackers-targeting-western-supply-lines-to-ukraine-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Malware&Threats #vulnerabilities #securityweekcom #securityweek #NationState #Unit26165 #ukraine #Russia #APT28 #CISA

CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine https://www.securityweek.com/cisa-says-russian-hackers-targeting-western-supply-lines-to-ukraine/ #Malware&Threats #Vulnerabilities #NationState #Unit26165 #Ukraine #Russia #APT28 #CISA

CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine https://www.securityweek.com/cisa-says-russian-hackers-targeting-western-supply-lines-to-ukraine/ #Malware&Threats #Vulnerabilities #NationState #Unit26165 #Ukraine #Russia #APT28 #CISA

Russia-Linked SpyPress Malware Exploits Webmails to Spy on Ukraine https://hackread.com/russia-spypress-malware-exploits-webmails-spy-ukraine/ #CyberEspionage #Cybersecurity #Vulnerability #CyberAttacks #CyberAttack #RoundPress #FancyBear #Security #Malware #Ukraine #Russia #APT28

Russia-Linked SpyPress Malware Exploits Webmails to Spy on Ukraine – Source:hackread.com https://ciso2ciso.com/russia-linked-spypress-malware-exploits-webmails-to-spy-on-ukraine-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #CyberEspionage #cybersecurity #Vulnerability #CyberAttacks #CyberAttack #RoundPress #FancyBear #Hackread #security #malware #Ukraine #Russia #APT28

Another day, another Russia-linked malware spotted targeting Ukranian organisations, as per ESET. This time, the attack is dubbed as #RoundPress.

Read: https://hackread.com/russia-spypress-malware-exploits-webmails-spy-ukraine/