Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » Cyberattack Group ‘Awaken Likho’ Targets Russian Government with Advanced Tools

Cyberattack Group ‘Awaken Likho’ Targets Russian Government with Advanced Tools

Cyberattack Group ‘Awaken Likho’ Targets Russian Government with Advanced Tools

https://firewall.firm.in/wp-content/uploads/2024/10/russia.png

Oct 08, 2024Ravie LakshmananCyber Threat / APT Attack

Russian Government with Advanced Tools

Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho.

“The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems,” Kaspersky said, detailing a new campaign that began in June 2024 and continued at least until August.

The Russian cybersecurity company said the campaign primarily targeted Russian government agencies, their contractors, and industrial enterprises.

Cybersecurity

Awaken Likho, also tracked as Core Werewolf and PseudoGamaredon, was first documented by BI.ZONE in June 2023 in connection with cyber attacks directed against defense and critical infrastructure sectors. The group is believed to be active since at least August 2021.

The spear-phishing attacks involve distributing malicious executables disguised as Microsoft Word or PDF documents by assigning them double extensions like “doc.exe,” “.docx.exe,” or “.pdf.exe,” so that only the .docx and .pdf portions of the extension show up for users.

Opening these files, however, has been found to trigger the installation of UltraVNC, thereby allowing the threat actors to gain complete control of the compromised hosts.

Other attacks mounted by Core Werewolf have also singled out a Russian military base in Armenia as well as a Russian research institute engaged in weapons development, per findings from F.A.C.C.T. earlier this May.

One notable change observed in these instances concerns the use of a self-extracting archive (SFX) to facilitate the covert installation of UltraVNC while displaying an innocuous lure document to the targets.

Cybersecurity

The latest attack chain discovered by Kaspersky also relies on an SFX archive file created using 7-Zip that, when opened, triggers the execution of a file named “MicrosoftStores.exe,” which then unpacks an AutoIt script to ultimately run the open-source MeshAgent remote management tool.

“These actions allow the APT to persist in the system: the attackers create a scheduled task that runs a command file, which, in turn, launches MeshAgent to establish a connection with the MeshCentral server,” Kaspersky said.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket