Awaken Likho, also referred to as Core Werewolf or PseudoGamaredon, is a cyber threat group targeting Russian government agencies and industrial entities. A new campaign has been observed since June 2024 in which the attackers have shifted from UltraVNC to MeshCentral’s legitimate agent for remote access to compromised systems. The campaign primarily focuses on Russian government contractors and industrial enterprises, as reported by Kaspersky.
Spear-phishing is a key method employed by Awaken Likho, with malicious executables disguised as Word or PDF files.
Awaken Likho’s cyberattacks date back to at least August 2021, when the group first gained attention by targeting Russia’s defense and critical infrastructure sectors. More recently, the group has shifted to using self-extracting archives (SFX) to covertly install UltraVNC, along with presenting decoy documents.
By creating a scheduled task, Awaken Likho ensures persistence within the infec
[…]