From dfe6e6dfabc46068929494c23c02105ace990cdc Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Mon, 7 Oct 2024 03:58:02 -0700
Subject: [PATCH] [threat-actors] Add Awaken Likho

---
 clusters/threat-actor.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index dab0b0e..78ed7f8 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16932,6 +16932,20 @@
       },
       "uuid": "afca4b9c-2bdb-47ef-becc-1d5683d3d2fb",
       "value": "SkidSec"
+    },
+    {
+      "description": "Awaken Likho is an APT group that has targeted Russian government agencies and industrial enterprises, employing techniques such as information gathering via search engines and using MeshCentral for remote access. The group has been active since at least December 2021 and has ramped up its activities following the Russo-Ukrainian conflict. Recent reports indicate that they are focusing on espionage against critical infrastructure in the defense and energy sectors. Analysis of their malware reveals a new version that is still in development, suggesting ongoing operational capabilities.",
+      "meta": {
+        "refs": [
+          "https://securelist.com/awaken-likho-apt-new-implant-campaign/114101/",
+          "https://bi.zone/eng/expertise/blog/core-werewolf-protiv-opk-i-kriticheskoy-infrastruktury/"
+        ],
+        "synonyms": [
+          "Core Werewolf"
+        ]
+      },
+      "uuid": "b3a4c34f-0ad6-4083-938a-958deb34b6c7",
+      "value": "Awaken Likho"
     }
   ],
   "version": 316