First AI-Powered Malware Targets Organizations via Compromised Official Email Accounts

The Russian state-sponsored threat actor APT28, also known as Fancy Bear or Forest Blizzard, has deployed LameHug, the first publicly documented malware leveraging large language models (LLMs) for automated command generation and execution.

According to a recent CERT-UA report, this campaign targeted Ukraine’s security and defense sectors earlier this month, initiating with spearphishing emails dispatched from compromised official accounts masquerading as government ministry representatives.

The emails contained a malicious ZIP archive named Appendix.pdf.zip, which housed an executable with a .pif extension, compiled via PyInstaller from Python source code.

APT28’s Exploitation of LLMs

Upon execution, LameHug interfaces with the Qwen 2.5-Coder-32B-Instruct model hosted on Hugging Face’s API, enabling attackers to input natural language prompts that the LLM translates into executable system commands.

According to the report, this innovative integration allows for flexible, on-the-fly automation of reconnaissance and data exfiltration tasks, marking a paradigm shift in malware sophistication where AI assists in generating tailored commands without hardcoded payloads.

LameHug’s operational chain begins with system enumeration, employing LLM-generated batch commands executed via cmd.exe to harvest comprehensive host details.

These include hardware specifications via WMIC queries for CPU name and speed, memory capacity, disk drive models, and network interface configurations, alongside process listings from tasklist, service enumerations with net start, and network details from ipconfig /all.

User and domain information is gathered using whoami, net config workstation, and dsquery for users, computers, groups, OUs, sites, subnets, servers, and domains, all appended to an info.txt file staged in the %PROGRAMDATA%info directory.

The malware then recursively scans user directories such as Documents, Desktop, and Downloads for sensitive documents, archiving them for exfiltration over SFTP or HTTP POST to attacker-controlled infrastructure.

CERT-UA identified two additional variants, AI_generator_uncensored_Canvas_PRO_v0.9.exe and image.py, which exhibit variations in exfiltration mechanisms, potentially incorporating uncensored AI models or image-based data smuggling to evade detection.

Attributed to Russia’s GRU Unit 26165, APT28’s use of LameHug aligns with their historical tactics, including credential phishing, vulnerability exploitation (e.g., CVE-2020-0688), and lateral movement via RDP or SMB shares, as detailed in MITRE ATT&CK mappings.

The malware’s reliance on external LLM APIs introduces novel risks, such as prompt injection vulnerabilities or API abuse for code obfuscation, while its reconnaissance leverages native Windows binaries like wmic.exe and dsquery.exe to blend with legitimate activity.

Threat Hunting

To counter such threats, organizations can employ proactive threat hunting using SIEM platforms like Logpoint, focusing on Sysmon event_id=11 for suspicious file creations in paths like C:ProgramData* matching patterns such as info*.

Queries should also detect reconnaissance via process creation logs for binaries like whoami.exe, ipconfig.exe, and wmic.exe with command-line auditing enabled, alerting on high counts of distinct commands per user-host pair.

Network indicators include outbound connections to IPs 144.126.202.227 and 192.36.27.37, domains [email protected] and stayathomeclasses.com, or LLM endpoints like api.huggingface.co, alongside hashes such as 8013b23cb78407675f323d54b6b8dfb2a61fb40fb13309337f5b662dbd812a5d.

User-agent strings like “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0” warrant scrutiny when correlated with other IOCs.

Response strategies involve automated playbooks for phishing triage, email forensics via O365 APIs to extract headers and enrich IPs/URLs with threat intelligence from VirusTotal or RecordedFuture, and endpoint isolation using tools like AgentX for process dumping and malicious file containment.

Recommendations emphasize defense-in-depth with EDR, network segmentation, and employee training on verifying emails from trusted sources.

Continuous monitoring of LLM API interactions, input sanitization, and incident response drills are crucial to mitigate AI-augmented threats, as adversaries like APT28 continue evolving their TTPs to exploit emerging technologies.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!