CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign
Briefly

The Computer Emergency Response Team of Ukraine (CERT-UA) reports a phishing campaign delivering malware called LAMEHUG, attributed to the Russian APT28 group. The malware uses a large language model to generate commands from descriptive text. It was identified following reports of suspicious emails targeting government officials; the emails carried a ZIP archive containing LAMEHUG payload variants. Written in Python, LAMEHUG collects information from compromised hosts and recursively searches for documents. The gathered data is exfiltrated to attacker-controlled servers over SFTP or HTTP POST requests.
LAMEHUG is malware that uses large language models to generate executable commands from text descriptions; it targets executive government authorities through phishing emails.
LAMEHUG harvests host data and recursively searches file directories for specific document types, sending the captured information back to the attackers.
Read at The Hacker News