
New wave of targeted attacks of the Angry Likho APT on Russian organizations

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY :

The Angry Likho APT group has launched a new wave of targeted attacks primarily against Russian organizations. The group employs spear-phishing emails with malicious attachments as the initial attack vector. A previously unknown implant was discovered, utilizing a self-extracting archive and AutoIt scripts to deploy the Lumma Trojan stealer. The malware exfiltrates sensitive data, including browser information, cryptocurrency wallets, and authentication details. Hundreds of victims have been identified, mostly in Russia and Belarus. The group's tactics remain consistent, with periodic pauses in activity followed by new attack waves. They rely on readily available malicious utilities rather than developing custom tools.

OPENCTI LABELS :

apt,stealer,russia,autoit,targeted attacks,lumma trojan


Open in the NetmanageIT OpenCTI public instance using the link below.


NOTE: Use the public read-only username and password shown on the login page banner.


New wave of targeted attacks of the Angry Likho APT on Russian organizations