LAMEHUG: Malware Leveraging Dynamic AI-Generated Commands - AI Case Study
AI Case StudyIn July 2025, Ukrainian authorities reported the emergence of LAMEHUG, a new AI-powered malware attributed to the Russian state-backed threat actor APT28 (also tracked as Forest Blizzard or UAC-0001). LAMEHUG uses a large language model (LLM) to dynamically generate commands on the infected hosts. The campaign began with a phishing attack leveraging a compromised governmen...
Overview
Risk patterns
Patterns found in the case record and its linked vulnerabilities.
- 1Dominant ATLAS tactic. Defense Evasion appears in 2 case steps.
- 2Multiple attack methods. The case connects to 8 unique AI attack methods.
Procedure timeline
Search the case steps or filter them by attacker goal.
-
Initial Access
Step 1
Valid Accounts
APT28 gained access to a compromised official email account.
-
Lateral Movement
Step 2
Phishing
APT28 sent a phishing email from the compromised account with an attachment containing malware.
-
Defense Evasion
Step 3
Impersonation
The email impersonated a government ministry representative.
-
Defense Evasion
Step 4
Masquerading
The attachment was called “Appendix.pdf.zip” which could confuse the recipient into thinking it was a legitimate PDF file.
-
Execution
Step 5
User Execution
The attachment contained an executable file with a .pif extension, created using PyInstaller from Python source code which CERT-UA classified it as LAMEHUG malware. Files with the .pif extension are executable on Windows.
-
AI Attack Staging The LAMEHUG malware abused the Qwen 2.5 Coder 32B Instruct model Hugging Face API to generate malicious commands from natural language prompts.
-
Collection
Step 7
Data from Local System
The LAMEHUG malware used the AI generated commands to collect system information (saved to
%PROGRAMDATA%\info\info.txt) and recursively searched Documents, Desktop, and Downloads to stage files for exfiltration. -
Exfiltration The LAMEHUG malware exfiltrated collected data to attacker controlled servers via SFTP or HTTP POST requests.
Mitigations
Defenses connected to the attack methods in this case.
AI Bill of Materials
An AI Bill of Materials (AI BOM) contains a full listing of artifacts and resources that were used in building the AI. The AI BOM can help mitigate supply chain risks and enable rapid response to reported vulnerabilities.
This can include maintaining dataset provenance, i.e. a detailed history of datasets used for AI applications. The history can include information about the dataset source as well as well as a complete record of any modifications.
Control Access to AI Models and Data at Rest
Establish access controls on internal model registries and limit internal access to production models. Limit access to training data only to approved users.
Deepfake Detection
Apply deepfake detection algorithms against any untrusted or user-provided data, especially in impactful applications such as biometric verification, to block generated content.
Detectors may use a combination of approaches, including:
- AI models trained to differentiate between real and deepfake content.
- Identifying common inconsistencies in deepfake content, such as unnatural facial movements, audio mismatches, or pixel-level artifacts.
- Biometrics analysis, such blinking, eye movements, and microexpressions.
Restrict Library Loading
Prevent abuse of library loading mechanisms in the operating system and software to load untrusted code by configuring appropriate library loading mechanisms and investigating potential vulnerable software.
File formats such as pickle files that are commonly used to store AI models can contain exploits that allow for loading of malicious libraries.
Showing 4 of 7
Source evidence
Original public records and references for this case.
Original source
Original source links
Open the MITRE ATLAS data and public references used for this case study.
