ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Awaken Likho

Names: Awaken Likho (Kaspersky), Core Werewolf (BI.ZONE)
Country: [Unknown]
Motivation: Information theft and espionage
First seen: 2021
Description: (Kaspersky) In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, we began tracking it, and published three reports in August and September 2024 through our threat research subscription on the threat actor we named Awaken Likho (also named by other vendors as Core Werewolf).

While investigating the activity of this APT group, we discovered a new campaign that began in June 2024 and continued at least until August. Analysis of the campaign revealed that the attackers had significantly changed the software they used in their attacks. The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems. The group remains focused on targeting Russian government organizations and enterprises.
Observed sectors: Government.
Observed countries: Russia.
Tools used
Information: <https://securelist.com/awaken-likho-apt-new-implant-campaign/114101/>
<https://bi.zone/eng/expertise/blog/core-werewolf-protiv-opk-i-kriticheskoy-infrastruktury/>
<https://bi.zone/eng/expertise/blog/ne-budi-likho-core-werewolf-sovershenstvuet-ataki-na-rossiyskie-gosorganizatsii/>

Last change to this card: 24 October 2024
