diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index dab0b0e..78ed7f8 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -16932,6 +16932,20 @@ }, "uuid": "afca4b9c-2bdb-47ef-becc-1d5683d3d2fb", "value": "SkidSec" + }, + { + "description": "Awaken Likho is an APT group that has targeted Russian government agencies and industrial enterprises, employing techniques such as information gathering via search engines and using MeshCentral for remote access. The group has been active since at least December 2021 and has ramped up its activities following the Russo-Ukrainian conflict. Recent reports indicate that they are focusing on espionage against critical infrastructure in the defense and energy sectors. Analysis of their malware reveals a new version that is still in development, suggesting ongoing operational capabilities.", + "meta": { + "refs": [ + "https://securelist.com/awaken-likho-apt-new-implant-campaign/114101/", + "https://bi.zone/eng/expertise/blog/core-werewolf-protiv-opk-i-kriticheskoy-infrastruktury/" + ], + "synonyms": [ + "Core Werewolf" + ] + }, + "uuid": "b3a4c34f-0ad6-4083-938a-958deb34b6c7", + "value": "Awaken Likho" } ], "version": 316