Analyzing the Awaken Likho APT group implant: new tools and techniques
Oct. 7, 2024, 1:03 p.m.
Description
A new campaign by the Awaken Likho APT group targeting Russian government agencies and industrial enterprises was discovered in June 2024. The group has significantly changed its attack methods and now prefers the agent for the MeshCentral platform over UltraVNC for remote access. The implant is delivered via malicious URLs, likely through phishing emails. It is packaged as a self-extracting archive containing multiple files, including a MeshAgent executable and various command scripts. These components work together to establish persistence and maintain a connection with the attackers' command and control server. The group's focus remains on Russian targets, and its tactics continue to evolve.
Date
Published: Oct. 7, 2024, 10:46 a.m.
Created: Oct. 7, 2024, 10:46 a.m.
Modified: Oct. 7, 2024, 1:03 p.m.
Attack Patterns
MeshAgent
Awaken Likho
T1036.004
T1053.005
T1059.003
T1571
T1070.004
T1105
T1204
T1566
Additional Information
Industrial
Government
Russian Federation