Emerging Cyber Threats: Attacks on Defense Sector
The National Cyber Incident Response Team, CERT-UA, has reported new cyber attacks on the security and defense sector.
Specifically, emails were circulated, allegedly from a representative of the relevant ministry, containing an attachment labeled ‘Appendix.pdf.zip’.
This ZIP archive contained a file with the ‘.pif’ extension, built with the PyInstaller tool, which CERT-UA classifies as the LAMEHUG malware.
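The delivery chain described above (a document-looking archive name, an executable ‘.pif’ member, a PyInstaller bundle) is something a mail gateway or triage script can check for before a user ever opens the attachment. The following is an added example, not code from CERT-UA or from the report; it builds a constructed sample archive inline and assumes the PyInstaller cookie magic `MEI\x0c\x0b\x0a\x0b\x0e` as the bundle marker (verify it against the PyInstaller version you care about).

```python
import io
import zipfile

# PyInstaller writes this cookie magic into the trailer of every bundle it builds.
# Assumed constant for this example; confirm against your PyInstaller version.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"

# Executable extensions that should never arrive as a "document" attachment.
SUSPICIOUS_EXTENSIONS = (".pif", ".exe", ".scr", ".com")

# Document-like tokens used to spot double extensions such as Appendix.pdf.zip.
DOCUMENT_LIKE_TOKENS = (".pdf", ".doc", ".docx", ".xls", ".xlsx")


def analyze_attachment(name, data):
    """Return a list of human-readable findings for one email attachment.

    name: the attachment filename as it appeared in the email
    data: the raw attachment bytes
    """
    findings = []
    lower = name.lower()

    # Finding 1: an archive whose name ends in a document extension before ".zip".
    stem = lower.rsplit(".", 1)[0] if "." in lower else lower
    if lower.endswith(".zip") and stem.endswith(DOCUMENT_LIKE_TOKENS):
        findings.append(f"document-looking archive name: {name}")

    # Only inspect members if the bytes really are a ZIP container.
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings

    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = info.filename.lower()
            if not member.endswith(SUSPICIOUS_EXTENSIONS):
                continue
            # Finding 2: an executable file type inside the archive.
            findings.append(f"executable member: {info.filename}")
            content = zf.read(info)
            # Finding 3: the member is a Windows PE image (MZ header), whatever it is named.
            if content[:2] == b"MZ":
                findings.append(f"PE header (MZ) in member: {info.filename}")
            # Finding 4: the PyInstaller cookie, i.e. a bundled Python program.
            if PYINSTALLER_MAGIC in content:
                findings.append(f"PyInstaller cookie in member: {info.filename}")
    return findings


def build_sample_archive():
    """Constructed sample: a ZIP holding a fake PE with the PyInstaller cookie.

    The payload is inert filler (zero bytes around the two markers), built only
    so the checks above have something to match.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        fake_pe = b"MZ" + b"\x00" * 64 + PYINSTALLER_MAGIC + b"\x00" * 16
        zf.writestr("Appendix.pif", fake_pe)
    return buf.getvalue()


def build_benign_archive():
    """Constructed sample: a ZIP holding only a plain text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", b"quarterly figures\n")
    return buf.getvalue()


if __name__ == "__main__":
    for fname, blob in (("Appendix.pdf.zip", build_sample_archive()),
                        ("report.zip", build_benign_archive())):
        print(fname)
        for finding in analyze_attachment(fname, blob) or ["no findings"]:
            print("  -", finding)
```

Each finding on its own is weak (PyInstaller builds plenty of legitimate tools), so a gateway rule would score them together: an executable member inside an archive named like a document is the combination worth quarantining, and the PE and PyInstaller markers are corroboration for the analyst.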
LAMEHUG is notable for using a large language model (LLM) to generate the commands it runs from text descriptions. Once on a computer, the program collects basic system information, recursively searches for documents, and copies them.
With moderate confidence, this activity is attributed to the UAC-0001 (APT28) group, which is controlled by Russian intelligence services.