Analyzing the Awaken Likho APT group implant: new tools and techniques

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

A new campaign by the Awaken Likho APT group targeting Russian government agencies and industrial enterprises was discovered in June 2024. The group has significantly changed its attack methods and now prefers the MeshCentral platform agent to UltraVNC for remote access. The implant is delivered via malicious URLs, likely through phishing emails. It is packaged as a self-extracting archive containing multiple files, including a MeshAgent executable and various command scripts. These components work together to establish persistence and maintain a connection to the attackers' command-and-control server. The group's focus remains on Russian targets, and its tactics continue to evolve.

OPENCTI LABELS:

apt,phishing,meshagent,meshcentral

