Ukrainian authorities have identified a new malware family, LameHug, which uses a large language model (LLM) to generate the commands it runs on compromised Windows systems. The Computer Emergency Response Team of Ukraine (CERT-UA) linked the malware to cyber-attacks against the country's defense sector and attributed the activity to APT28, a hacking group associated with Russian military intelligence. The malware was distributed by e-mail as an attachment named "Додаток.pdf.zip" (Ukrainian for "Attachment.pdf.zip"); the archive contained a malicious executable with a .pif extension. LameHug is written in Python and calls the Hugging Face API to query Alibaba's open-source Qwen2.5-Coder-32B-Instruct model, which turns a text prompt into the system-reconnaissance and data-collection commands the payload then executes. Because the commands are produced at run time by the model rather than hard-coded in the binary, static analysis of the payload reveals little about what it will do on a given host, and operators can change its behaviour by changing prompts instead of redeploying code. The same design also gives defenders a handle: the implant depends on outbound connections to a hosted inference API, which is unusual egress for most user endpoints. APT28 has a long history of targeting Ukraine and its allies, including earlier campaigns against critical infrastructure. This evolution in tradecraft underscores the heightened risk amid ongoing geopolitical tensions.
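The two detection opportunities the report points to, an executable hidden in a document-named archive and a non-browser process calling a hosted LLM inference API, as an added example written for this page (not CERT-UA's or any vendor's tooling). The log format, the Hugging Face hostnames, the browser allowlist and all sample data are assumptions constructed for the example; tune them to your own proxy or EDR telemetry.

```python
import io
import re
import zipfile
from dataclasses import dataclass
from typing import List

# Hosts serving Hugging Face hosted inference. Assumption for this example:
# the article names the Hugging Face API but not the exact endpoint.
LLM_INFERENCE_HOSTS = {"api-inference.huggingface.co", "router.huggingface.co"}

# Browsers may legitimately reach these hosts when a user visits the site.
# Any other process doing so (Python, a renamed .pif, PowerShell) is the signal.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Executable extensions that should not arrive inside a "document" archive.
EXECUTABLE_EXTS = (".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs")


@dataclass(frozen=True)
class Alert:
    source: str   # hostname (egress) or attachment name (mail)
    detail: str


# Constructed log format (assumption): <ts> <host> <process> <dest_host> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<proc>\S+)\s+(?P<dest>\S+)\s+"(?P<ua>[^"]*)"$'
)


def scan_egress(lines: List[str]) -> List[Alert]:
    """Flag non-browser processes that talk to an LLM inference endpoint."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable line: skip rather than crash the hunt
        dest, proc = m["dest"].lower(), m["proc"].lower()
        if dest in LLM_INFERENCE_HOSTS and proc not in BROWSER_PROCESSES:
            alerts.append(Alert(m["host"], f"{proc} -> {dest} (UA: {m['ua']})"))
    return alerts


def scan_attachment(filename: str, data: bytes) -> List[str]:
    """Flag a document-looking zip whose members are executables."""
    findings = []
    # "Додаток.pdf.zip": a document extension directly before the archive extension
    if re.search(r"\.(pdf|docx?|xlsx?)\.zip$", filename.lower()):
        findings.append(f"{filename}: archive name mimics a document")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name.lower().endswith(EXECUTABLE_EXTS):
                    findings.append(f"{filename}: contains executable {name}")
    except zipfile.BadZipFile:
        findings.append(f"{filename}: not a valid zip archive")
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: a zip holding a .pif named after the lure (placeholder bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Додаток.pif", b"MZ" + b"\x00" * 16)
    return buf.getvalue()


# Constructed sample telemetry; only lines 2 and 4 should alert.
SAMPLE_LOGS = [
    '2025-07-17T10:01:02Z WS-042 chrome.exe api-inference.huggingface.co "Mozilla/5.0"',
    '2025-07-17T10:03:15Z WS-042 Додаток.pif api-inference.huggingface.co "python-requests/2.32.3"',
    '2025-07-17T10:04:00Z WS-017 outlook.exe outlook.office365.com "Microsoft Office/16.0"',
    '2025-07-17T10:05:00Z WS-042 powershell.exe router.huggingface.co "Mozilla/5.0"',
]

if __name__ == "__main__":
    for a in scan_egress(SAMPLE_LOGS):
        print(f"[egress] {a.source}: {a.detail}")
    for f in scan_attachment("Додаток.pdf.zip", build_sample_zip()):
        print(f"[mail]   {f}")
```

The egress check deliberately keys on the destination rather than on any signature of the payload: a model-driven implant can change what it runs, but it cannot stop needing the inference API. Pair it with an allowlist of known developer hosts to keep the false-positive rate down on workstations that legitimately use Hugging Face.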
