CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a phishing campaign that’s designed to deliver a malware codenamed LAMEHUG.

An obvious feature of LAMEHUG is the use of an LLM (large language model) to generate commands based on their textual representation (description), CERT-UA said in a Thursday advisory.

The activity has been attributed with medium confidence to a Russian state-sponsored hacking group tracked as APT28, which is also known as Fancy Bear, Forest Blizzard, Sednit, Sofacy, and UAC-0001.

The cybersecurity agency said it found the malware after receiving reports on July 10, 2025, about suspicious emails sent from compromised accounts and impersonating ministry officials. The emails targeted executive government authorities.

To read the complete article see: The Hacker News

This post is licensed under CC BY 4.0 by the author.