Names | Awaken Likho (Kaspersky) Core Werewolf (BI.ZONE) | |
Country | [Unknown] | |
Motivation | Information theft and espionage | |
First seen | 2021 | |
Description | (Kaspersky) In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, we began tracking it, and published three reports in August and September 2024 through our threat research subscription on the threat actor we named Awaken Likho (also named by other vendors as Core Werewolf). While investigating the activity of this APT group, we discovered a new campaign that began in June 2024 and continued at least until August. Analysis of the campaign revealed that the attackers had significantly changed the software they used in their attacks. The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems. The group remains focused on targeting Russian government organizations and enterprises. | |
Observed | Sectors: Government. Countries: Russia. | |
Tools used | ||
Information | <https://securelist.com/awaken-likho-apt-new-implant-campaign/114101/> <https://bi.zone/eng/expertise/blog/core-werewolf-protiv-opk-i-kriticheskoy-infrastruktury/> <https://bi.zone/eng/expertise/blog/ne-budi-likho-core-werewolf-sovershenstvuet-ataki-na-rossiyskie-gosorganizatsii/> |
Last change to this card: 24 October 2024
Download this actor card in PDF or JSON format
Previous: AVIVORE
Next: Axiom, Group 72
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |