A recent phishing campaign targeted Ukrainian officials with LAMEHUG, malware that uses a large language model (LLM) to generate the commands it runs. The attack, linked to the Russian group APT28, shows how legitimate AI services can be abused for covert operations. #LAMEHUG #APT28
Keypoints
- The phishing campaign used malicious ZIP archives to deliver the LAMEHUG malware.
- LAMEHUG employs Alibaba Cloud's Qwen2.5-Coder large language model to generate its system commands at run time instead of shipping them hard-coded in the binary.
- The malware collects system information and searches for documents before transmitting data to attackers.
- Threat actors are weaponizing legitimate AI and cloud services such as Hugging Face as command-and-control (C2) channels, where the malware's API traffic blends in with ordinary use of the service.
- Related developments include malware that embeds prompt-injection text aimed at AI-assisted analysis tools, alongside sandbox-evasion attempts.
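The detection angle that follows from the last three points is that LLM-driven malware has to keep talking to a hosted inference API, from a process that has no business doing so. The Python below is an added illustration of that check, not code from the article or from CERT-UA: it runs two simple rules over proxy/EDR events. The log format, hostnames (only Hugging Face is named on the page; the Alibaba Cloud endpoint is an added assumption for the Qwen model family), process paths and the allowlist are all constructed assumptions and not indicators from the report.

```python
"""Added detection example: flag processes that talk to hosted LLM inference
APIs. Not from the article or CERT-UA; every hostname, path and log line
below is a constructed assumption, not an indicator from the report."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed domains of hosted LLM APIs. Hugging Face is the service named in
# the brief; the Alibaba Cloud endpoint is an added assumption for Qwen.
LLM_API_HOSTS = {
    "huggingface.co",
    "api-inference.huggingface.co",
    "dashscope.aliyuncs.com",
}

# Assumed allowlist of processes expected to reach these services.
ALLOWED_PROCESSES = {
    r"C:\Program Files\Google\Chrome\Application\chrome.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    "/usr/bin/python3",
}


@dataclass(frozen=True)
class ProxyEvent:
    ts: str
    src: str        # endpoint hostname
    process: str    # image path of the process that opened the connection
    dest: str       # destination hostname (from SNI or proxy CONNECT)
    method: str
    bytes_out: int


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    process: str
    dest: str
    severity: str
    reason: str


def parse_line(line: str) -> ProxyEvent:
    """Parse one line of the constructed 'ts|src|process|dest|method|bytes_out' format."""
    ts, src, process, dest, method, bytes_out = line.strip().split("|")
    return ProxyEvent(ts, src, process, dest, method, int(bytes_out))


def detect(lines: List[str], min_posts: int = 3) -> List[Alert]:
    """Two rules over proxy/EDR events:
    1. high: a process outside the allowlist contacts an LLM API host
       (reported once per src/process/dest tuple);
    2. medium: one src/process/dest tuple issues min_posts or more POSTs,
       the shape of a loop that keeps asking the model for its next command."""
    alerts: List[Alert] = []
    seen_unexpected = set()
    posts: Dict[Tuple[str, str, str], int] = {}
    for raw in lines:
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev.dest not in LLM_API_HOSTS:
            continue
        key = (ev.src, ev.process, ev.dest)
        if ev.process not in ALLOWED_PROCESSES and key not in seen_unexpected:
            seen_unexpected.add(key)
            alerts.append(Alert(ev.ts, ev.src, ev.process, ev.dest, "high",
                                "unexpected process contacting LLM inference API"))
        if ev.method == "POST":
            posts[key] = posts.get(key, 0) + 1
            if posts[key] == min_posts:
                alerts.append(Alert(ev.ts, ev.src, ev.process, ev.dest, "medium",
                                    f"repeated POSTs ({min_posts}) to LLM inference API"))
    return alerts


# Constructed sample telemetry: a browser session, a suspicious executable
# dropped under Temp that polls the inference API, background noise, and an
# approved developer script.
SAMPLE_LOG = r"""
2025-07-10T09:00:01|WS-01|C:\Program Files\Google\Chrome\Application\chrome.exe|huggingface.co|GET|512
2025-07-10T09:05:12|WS-07|C:\Users\victim\AppData\Local\Temp\Attachment.pif|api-inference.huggingface.co|POST|2048
2025-07-10T09:05:40|WS-07|C:\Users\victim\AppData\Local\Temp\Attachment.pif|api-inference.huggingface.co|POST|2210
2025-07-10T09:06:15|WS-07|C:\Windows\System32\svchost.exe|update.microsoft.com|GET|300
2025-07-10T09:06:33|WS-07|C:\Users\victim\AppData\Local\Temp\Attachment.pif|api-inference.huggingface.co|POST|1990
2025-07-10T09:10:00|DEV-03|/usr/bin/python3|dashscope.aliyuncs.com|POST|900
"""

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(f"[{a.severity}] {a.ts} {a.src} {a.process} -> {a.dest}: {a.reason}")
```

The destination hostname is only available if the proxy records SNI or CONNECT targets, so feed this from the proxy rather than from raw flow logs. The allowlist is the tuning knob: a developer workstation with approved SDK use needs its interpreter listed, while a user endpoint normally needs only browsers, and the medium-severity POST rule is deliberately left on for allowlisted processes so a scripted loop from an otherwise approved interpreter is still visible.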
Read More: https://thehackernews.com/2025/07/cert-ua-discovers-lamehug-malware.html