Angry Likho, an APT group that resembles Awaken Likho, focuses on targeted attacks against employees of large organizations, mainly in Russia and Belarus.
Their attacks involve spear-phishing emails with malicious attachments, including a self-extracting archive named FrameworkSurvivor.exe.
The implant inside the archive conceals the Lumma stealer Trojan, which harvests sensitive data such as banking details, usernames, passwords, and more.
The group obfuscates its scripts to hide its activity, which complicates analysis.
A surge in Angry Likho's activity in January 2025 shows the threat is ongoing, with hundreds of victims in Russia and Belarus.
The attackers target specific users with tailored spear-phishing emails and use malicious utilities from darknet forums for their operations.
To defend against such attacks, organizations need robust security solutions, employee training, and awareness programs.
The group's attack techniques remain consistent across campaigns, with periodic pauses in activity that suggest its operations are planned strategically.
The report provides indicators of compromise, including file hashes, implants, bait files, and malicious domains associated with Angry Likho's activities.
Continuously monitoring and updating threat intelligence on such APT groups is essential to countering evolving cybersecurity threats effectively.