Emerging Cyber Threats: Attacks on the Security Sector
The CERT-UA response team has detected new cyber threats targeting the defense sector.
Recently, emails purportedly from government officials have been reported, containing attachments named «Attachment.pdf.zip».
This ZIP archive contains a file with the «.pif» extension: a Python program packaged with PyInstaller, which CERT-UA classifies as the malware LAMEHUG.
LAMEHUG is notable for using a large language model (LLM) to generate the commands it runs from textual descriptions. Once it infiltrates a computer, the program collects basic system information, recursively searches for documents, and copies them.
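A mail-gateway check for the lure described above, added here as an example and not code from CERT-UA or from the report: it flags a ZIP attachment whose name hides the real extension behind a document one, lists archive members with an executable extension such as «.pif», and looks for the PyInstaller bundle magic in their bytes. The inner file name «Attachment.pdf.pif» and the sample archive are constructed for the demonstration (the report does not name the inner file).

```python
import io
import zipfile

# Extensions Windows runs as programs even when a mail client shows them as plain files.
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd"}
DOCUMENT_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx")
# Cookie magic PyInstaller embeds in the overlay of every executable it bundles.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"


def split_ext(name):
    """Return (lower-cased stem, '.ext') for a file name; ext is '' when there is none."""
    head, dot, tail = name.lower().rpartition(".")
    return (head, "." + tail) if dot else (name.lower(), "")


def is_document_masquerade(name):
    """True for names like 'Attachment.pdf.zip' whose stem ends in a document extension."""
    stem, _ = split_ext(name)
    return stem.endswith(DOCUMENT_EXTS)


def attachment_findings(attachment_name, zip_bytes):
    """Return (name, reason) pairs for the attachment itself and each suspicious member."""
    findings = []
    if is_document_masquerade(attachment_name):
        findings.append((attachment_name, "double extension masquerading as a document"))
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            _, ext = split_ext(info.filename)
            if ext not in EXECUTABLE_EXTS:
                continue
            findings.append((info.filename, f"executable extension {ext}"))
            if is_document_masquerade(info.filename):
                findings.append((info.filename, "double extension masquerading as a document"))
            if PYINSTALLER_MAGIC in zf.read(info):
                findings.append((info.filename, "PyInstaller-packaged executable"))
    return findings


def build_sample_zip():
    """Constructed sample mimicking the lure: a fake PE stub with the PyInstaller cookie."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Attachment.pdf.pif", b"MZ" + b"\x00" * 64 + PYINSTALLER_MAGIC + b"\x00" * 16)
        zf.writestr("readme.txt", b"constructed benign member")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in attachment_findings("Attachment.pdf.zip", build_sample_zip()):
        print(f"{member}: {reason}")
```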
With moderate confidence, this activity is linked to the group UAC-0001 (APT28), associated with Russian intelligence services.