py.lamehug

LAMEHUG

Actor(s): APT28


According to CERT-UA, LAMEHUG uses an LLM (Qwen) to dynamically generate commands to gather basic information about a computer and recursively exfiltrate Office documents from a set of folders, to be uploaded either by SFTP or HTTP POST requests.

References
2025-07-17 Cert-UA: UAC-0001 cyberattacks on the security and defense sector using the LAMEHUG software using LLM (large language model) (CERT-UA#16039)

There is no Yara-Signature yet.