Artificial intelligence (AI) is making waves in the tech industry and has now caught the attention of malicious actors looking to automate their attack tactics. According to a recent advisory from CERT Ukraine (CERT-UA), a new AI-based malware known as “LAMEHUG” has emerged, showing how AI can be folded into cyber threats.
LAMEHUG AI Malware Signals Emerging Cybersecurity Risks
CERT-UA researchers discovered a new AI-powered malware called “LAMEHUG” in the wild, highlighting the use of artificial intelligence in crafting real-time malicious commands. This adaptability and automation give threat actors the ability to carry out more precise and potent attacks on targeted systems.
The malware was initially distributed among executive authorities through a malicious .zip file sent from a compromised email account. Upon analysis, researchers identified the executable file with a .pif extension as “LAMEHUG,” a Python-based malware leveraging the Hugging Face AI API to generate commands.
Once it has infiltrated a system, the malware collects system information, identifiers, and network details, and exfiltrates stored documents after scanning for Microsoft Office and PDF files. CERT-UA also tentatively links the malware to APT28, a Russian state-sponsored actor known for conducting cyber espionage globally.
APT28 and the Evolution of Cyber Threats
CERT-UA associates the LAMEHUG malware with the Russian APT28 group, suggesting a connection to Russian special services. APT28, also known as Sofacy, Fancy Bear, and Strontium, has a history of cyber-espionage attacks targeting government entities across Europe and the United States.
The discovery of LAMEHUG signifies a new tactic in APT28’s evolving strategy to evade detection and enhance its attack capabilities. Because the AI-powered malware connects to external infrastructure such as Hugging Face, the threat actors can adapt their tactics in real time without delivering additional payloads, which makes their operations harder to detect.
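The two behaviours described above, a .pif executable arriving by e-mail and a process fetching its commands from a public LLM API instead of a second-stage payload, give defenders something concrete to watch for. The detector below is an added illustration, not code from the CERT-UA advisory or from the malware: it walks constructed endpoint telemetry and flags .pif launches and outbound connections to Hugging Face hosts from processes that are not browsers or developer tooling. The log format, the hostname api-inference.huggingface.co and the process allowlist are assumptions a defender would tailor to their own estate.

```python
import re
from typing import Dict, List

# Constructed EDR-style telemetry (not from the advisory): timestamp, event type,
# process image, then either the parent process or the destination host:port.
SAMPLE_EVENTS = [
    "2025-07-10T09:12:01Z PROCESS_START image=C:\\Users\\u\\AppData\\Local\\Temp\\Report.pif parent=explorer.exe",
    "2025-07-10T09:12:03Z NET_CONNECT image=C:\\Users\\u\\AppData\\Local\\Temp\\Report.pif dest=api-inference.huggingface.co:443",
    "2025-07-10T09:15:40Z NET_CONNECT image=C:\\Program Files\\Python311\\python.exe dest=huggingface.co:443",
    "2025-07-10T09:16:12Z NET_CONNECT image=C:\\Program Files\\Mozilla Firefox\\firefox.exe dest=huggingface.co:443",
    "2025-07-10T09:20:05Z PROCESS_START image=C:\\Windows\\System32\\notepad.exe parent=explorer.exe",
]

# Assumed: egress to an LLM hosting service is normal for browsers and developer tools,
# so only connections from other images are worth an alert.
LLM_API_DOMAINS = ("huggingface.co",)
ALLOWED_IMAGES = {"firefox.exe", "chrome.exe", "msedge.exe", "python.exe", "code.exe"}

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>\S+) image=(?P<image>.+?) (?:parent|dest)=(?P<target>\S+)$"
)


def basename(path: str) -> str:
    """Last path component, lower-cased, for either Windows or POSIX separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_llm_api_host(host: str) -> bool:
    """True only for the domain itself or a genuine subdomain, not a look-alike suffix."""
    return any(host == d or host.endswith("." + d) for d in LLM_API_DOMAINS)


def analyse(lines: List[str]) -> List[Dict[str, str]]:
    """Return one alert per suspicious event; a .pif that later talks to the LLM API is rated high."""
    alerts: List[Dict[str, str]] = []
    pif_images = set()
    for line in lines:
        m = EVENT_RE.match(line)
        if not m:
            continue  # ignore malformed telemetry rather than crash the pipeline
        ev = m.groupdict()
        name = basename(ev["image"])
        if ev["event"] == "PROCESS_START" and name.endswith(".pif"):
            pif_images.add(name)
            alerts.append({"ts": ev["ts"], "rule": "legacy_pif_executable", "image": name, "severity": "medium"})
        elif ev["event"] == "NET_CONNECT":
            host = ev["target"].rsplit(":", 1)[0].lower()
            if is_llm_api_host(host) and name not in ALLOWED_IMAGES:
                severity = "high" if name in pif_images else "medium"
                alerts.append({"ts": ev["ts"], "rule": "llm_api_egress", "image": name, "severity": severity})
    return alerts
```

Run against the sample, the python.exe and firefox.exe connections are accepted and only the two Report.pif events surface, the second one escalated because the same image had already been flagged.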
IBM X-Force notes that this AI capability enables threat actors to improvise their attacks and ensure longer-lasting evasive operations. The constant evolution of cyber threats underscores the need for robust cybersecurity measures to counter the sophisticated tactics employed by malicious actors.