~ K D P ~

Emerging Cyber Threats to National Security

The national cybersecurity landscape is facing serious threats. Recent findings from CERT-UA highlight ongoing attacks targeting the defense sector.

Specifically, it has been reported that emails, seemingly from officials in the relevant ministry, contained malicious attachments labeled «Attachment.pdf.zip».

This ZIP file contained a file with the «.pif» extension, built with PyInstaller and identified as the malicious software known as LAMEHUG.
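A mail-gateway triage check for the delivery pattern described above, as an added example that is not part of the CERT-UA report or this page: it flags a decoy double extension on the attachment name, executable extensions such as «.pif» inside the archive, a PE header, and the PyInstaller archive marker. The extension lists, the member name `Attachment.pif` and the sample bytes are constructed assumptions; the sample is inert.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs directly; ".pif" is the one named on this page (list is an assumption).
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd"}
# Document-like extensions used as a decoy in front of the real one (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
# Magic bytes of the PyInstaller CArchive cookie embedded in bundled executables.
PYINSTALLER_COOKIE = b"MEI\x0c\x0b\x0a\x0b\x0e"


def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return human-readable findings for one e-mail attachment."""
    findings = []
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        findings.append(f"double extension on attachment: {filename}")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            ext = PurePosixPath(info.filename).suffix.lower()
            if ext in EXECUTABLE_EXTS:
                findings.append(f"executable extension inside archive: {info.filename}")
            # Cap the read so an oversized member cannot exhaust memory.
            with archive.open(info) as member:
                body = member.read(64 * 1024 * 1024)
            if body[:2] == b"MZ":
                findings.append(f"PE header in member: {info.filename}")
            if PYINSTALLER_COOKIE in body:
                findings.append(f"PyInstaller bundle marker in member: {info.filename}")
    return findings


def build_constructed_sample() -> bytes:
    """Constructed, inert sample: a ZIP holding a fake .pif (not real malware)."""
    fake_pif = b"MZ" + b"\x00" * 64 + PYINSTALLER_COOKIE + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Attachment.pif", fake_pif)  # member name is an assumption
        archive.writestr("readme.txt", b"constructed benign member")
    return buf.getvalue()


if __name__ == "__main__":
    for line in triage_attachment("Attachment.pdf.zip", build_constructed_sample()):
        print(line)
```

Any single finding is a reason to quarantine the message for review; the PyInstaller marker alone also matches legitimate bundled tools, so weigh it together with the extension findings.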

The LAMEHUG program employs LLM technology to generate commands based on descriptive inputs. Upon infiltrating a computer, it collects system information, conducts recursive document searches, and copies files.

With moderate confidence, this activity is linked to the UAC-0001 (APT28) group, which is believed to be associated with Russian intelligence services.