
CERT-UA Uncovers APT28-Linked LAMEHUG Malware Employing LLM for Phishing Attacks


On July 18, 2025, Ukraine’s Computer Emergency Response Team (CERT-UA) disclosed a phishing attack that delivered malware named LAMEHUG. The malware is notable for using a Large Language Model (LLM) to generate the commands it runs from textual descriptions rather than carrying them hard-coded. CERT-UA attributes the attack to the Russian hacking group APT28, also known as Fancy Bear.

The investigation followed reports on July 10 of compromised emails impersonating government officials. CERT-UA found LAMEHUG embedded within ZIP file attachments, in variants such as “Додаток.pif” and “AI_generator_uncensored_Canvas_PRO_v0.9.exe.” The malware is written in Python and queries Alibaba Cloud’s Qwen2.5-Coder-32B-Instruct model; it collects sensitive information from the host and sends it to an attacker-controlled server.

The incident illustrates how threat actors route malicious activity through legitimate services such as Hugging Face for command-and-control, blending in with normal traffic to evade detection. Cybersecurity firms have warned of emerging malware techniques designed to resist AI-based analysis, and they predict an increase in such adversarial tactics as generative AI is integrated into security tooling.
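The detection angle in the summary above (an unexpected process calling an LLM inference API, followed by an upload to an unknown host) can be turned into a simple proxy-log triage. The script below is an added example and is not code from the article, from CERT-UA, or from LAMEHUG itself. The log format, the workstation names, the LLM API hostnames, the approved-client list, the upload allowlist and the 10-minute correlation window are all assumptions constructed for the demo; only the file name “Додаток.pif” comes from the report.

```python
"""
Added example (not from the article or CERT-UA): triage constructed
web-proxy log lines for two behaviours described in the LAMEHUG report:

  1. a process that is not an approved AI client calling an LLM
     inference API (rule "unapproved-llm-client"), and
  2. an LLM API call followed, within a short window, by an outbound
     POST to a host outside the upload allowlist (rule "llm-then-upload").
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed LLM inference endpoints worth watching (policy decision per org).
LLM_API_HOSTS = {"api-inference.huggingface.co", "router.huggingface.co"}
# Assumed processes permitted to call those endpoints on this network.
APPROVED_LLM_CLIENTS = {"vscode.exe", "python-dev-tooling.exe"}
# Assumed known-good upload destinations.
UPLOAD_ALLOWLIST = {"sharepoint.example.com", "backup.example.com"}
# Assumed correlation window between an LLM call and a suspicious upload.
WINDOW = timedelta(minutes=10)

# Constructed log format: one key=value record per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) "
    r"method=(?P<method>\S+) dst=(?P<dst>\S+) bytes_out=(?P<bytes_out>\d+)$"
)

# Constructed sample log: WS-17 is a developer box using an approved
# client; WS-42 shows the pattern from the report. The 09:30 upload sits
# outside the window and must not be correlated.
SAMPLE_LOG = [
    "2025-07-18T09:00:01 host=WS-17 proc=vscode.exe method=POST dst=api-inference.huggingface.co bytes_out=812",
    "2025-07-18T09:03:10 host=WS-42 proc=Додаток.pif method=POST dst=api-inference.huggingface.co bytes_out=1440",
    "2025-07-18T09:05:44 host=WS-42 proc=Додаток.pif method=POST dst=203.0.113.10 bytes_out=58231",
    "2025-07-18T09:06:00 host=WS-17 proc=vscode.exe method=POST dst=sharepoint.example.com bytes_out=2048",
    "2025-07-18T09:30:00 host=WS-42 proc=Додаток.pif method=POST dst=203.0.113.10 bytes_out=100",
]


def parse(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["bytes_out"] = int(rec["bytes_out"])
    return rec


def triage(lines):
    """Return a time-ordered list of findings; each has rule, host, proc, ts, dst."""
    events = [e for e in (parse(line) for line in lines) if e]
    events.sort(key=lambda e: e["ts"])
    llm_calls = defaultdict(list)  # host -> LLM API events seen so far
    findings = []
    for e in events:
        if e["dst"] in LLM_API_HOSTS:
            llm_calls[e["host"]].append(e)
            if e["proc"] not in APPROVED_LLM_CLIENTS:
                findings.append({"rule": "unapproved-llm-client", **_ctx(e)})
        elif e["method"] == "POST" and e["dst"] not in UPLOAD_ALLOWLIST:
            # Only correlate with LLM calls from the same host inside WINDOW.
            recent = [c for c in llm_calls[e["host"]] if e["ts"] - c["ts"] <= WINDOW]
            if recent and e["bytes_out"] > 0:
                findings.append({"rule": "llm-then-upload", **_ctx(e)})
    return findings


def _ctx(e):
    return {"host": e["host"], "proc": e["proc"], "ts": e["ts"].isoformat(), "dst": e["dst"]}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['ts']} {f['host']} {f['proc']} -> {f['dst']}: {f['rule']}")
```

Against the constructed sample the script reports two findings for WS-42: the unapproved process calling the inference API, and the 58 KB POST to 203.0.113.10 two minutes later. The developer workstation and the 09:30 upload (outside the window) produce nothing. The correlation is deliberately coarse; in production the allowlists would come from asset inventory and the window from observed baseline behaviour.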
