New Arsenal: LAMEHUG, the First AI-Powered Malware
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
APT28, a Russian threat group, has developed LAMEHUG, a Python-based malware that uses a large language model to generate and execute system commands. The malware targets Ukraine's security and defense sector, and the infection chain begins with a phishing email carrying a malicious attachment. LAMEHUG queries the Qwen 2.5-Coder-32B-Instruct model through the Hugging Face API to translate text instructions into system commands, and then uses those AI-generated commands for system reconnaissance, data theft, and exfiltration. It collects system information, searches for documents, and exfiltrates the data via SFTP or HTTP POST requests. Multiple LAMEHUG variants have been identified, each with a different exfiltration method. This marks a significant evolution in malware capabilities: incorporating large language models gives the attacker greater flexibility and sophistication at runtime.
OPENCTI LABELS:
phishing, data exfiltration, ukraine, python, reconnaissance, ai-powered malware, hugging face api, lamehug