AI Incident Database
Entities

National cybersecurity infrastructure of Ukraine

Affected by incidents

Incident 1220
2 Reports
LAMEHUG Malware Reportedly Integrates Large Language Model for Real-Time Command Generation in a Purported APT28-Linked Cyberattack

2025-07-10

Ukraine's CERT-UA and Cato CTRL reported LAMEHUG, the first known malware to integrate a large language model (Qwen2.5-Coder-32B-Instruct via Hugging Face) for real-time command generation. Attributed with moderate confidence to APT28 (Fancy Bear), the malware reportedly targeted Ukrainian officials through phishing emails. The LLM is reported to have dynamically generated reconnaissance and data-exfiltration commands executed on infected systems.


Related entities
Other entities that are related to the same incident. For example, if the developer of an incident is this entity but the deployer is another entity, they are marked as related entities.
 

Entity

APT28

Incidents involved as Deployer
  • Incident 1220
    2 Reports

    LAMEHUG Malware Reportedly Integrates Large Language Model for Real-Time Command Generation in a Purported APT28-Linked Cyberattack

Entity

Fancy Bear

Incidents involved as Deployer
  • Incident 1220
    2 Reports

    LAMEHUG Malware Reportedly Integrates Large Language Model for Real-Time Command Generation in a Purported APT28-Linked Cyberattack

Entity

Alibaba

Incidents involved as Developer
  • Incident 1220
    2 Reports

    LAMEHUG Malware Reportedly Integrates Large Language Model for Real-Time Command Generation in a Purported APT28-Linked Cyberattack

Entity

hugging face

Incidents involved as Developer
  • Incident 1220
    2 Reports

    LAMEHUG Malware Reportedly Integrates Large Language Model for Real-Time Command Generation in a Purported APT28-Linked Cyberattack

Entity

Government of Ukraine

Affected by incidents
  • Incident 1220
    2 Reports

    LAMEHUG Malware Reportedly Integrates Large Language Model for Real-Time Command Generation in a Purported APT28-Linked Cyberattack

Entity

Ukrainian government ministries

Affected by incidents
  • Incident 1220
    2 Reports

    LAMEHUG Malware Reportedly Integrates Large Language Model for Real-Time Command Generation in a Purported APT28-Linked Cyberattack

Entity

Ukrainian government officials

Affected by incidents
  • Incident 1220
    2 Reports

    LAMEHUG Malware Reportedly Integrates Large Language Model for Real-Time Command Generation in a Purported APT28-Linked Cyberattack

Entity

Public sector information systems

Affected by incidents
  • Incident 1220
    2 Reports

    LAMEHUG Malware Reportedly Integrates Large Language Model for Real-Time Command Generation in a Purported APT28-Linked Cyberattack

Entity

State institutions targeted by espionage operations

Affected by incidents
  • Incident 1220
    2 Reports

    LAMEHUG Malware Reportedly Integrates Large Language Model for Real-Time Command Generation in a Purported APT28-Linked Cyberattack

Entity

Qwen2.5-Coder-32B-Instruct

Incidents implicated systems
  • Incident 1220
    2 Reports

    LAMEHUG Malware Reportedly Integrates Large Language Model for Real-Time Command Generation in a Purported APT28-Linked Cyberattack

Entity

Hugging Face API platform

Incidents implicated systems
  • Incident 1220
    2 Reports

    LAMEHUG Malware Reportedly Integrates Large Language Model for Real-Time Command Generation in a Purported APT28-Linked Cyberattack

Entity

LAMEHUG malware family

Incidents implicated systems
  • Incident 1220
    2 Reports

    LAMEHUG Malware Reportedly Integrates Large Language Model for Real-Time Command Generation in a Purported APT28-Linked Cyberattack

Entity

PyInstaller-compiled Python executables

Incidents implicated systems
  • Incident 1220
    2 Reports

    LAMEHUG Malware Reportedly Integrates Large Language Model for Real-Time Command Generation in a Purported APT28-Linked Cyberattack

Entity

Flux AI image generation API

Incidents implicated systems
  • Incident 1220
    2 Reports

    LAMEHUG Malware Reportedly Integrates Large Language Model for Real-Time Command Generation in a Purported APT28-Linked Cyberattack

Entity

stayathomeclasses[.]com exfiltration endpoint

Incidents implicated systems
  • Incident 1220
    2 Reports

    LAMEHUG Malware Reportedly Integrates Large Language Model for Real-Time Command Generation in a Purported APT28-Linked Cyberattack

Entity

144[.]126[.]202[.]227 SFTP server

Incidents implicated systems
  • Incident 1220
    2 Reports

    LAMEHUG Malware Reportedly Integrates Large Language Model for Real-Time Command Generation in a Purported APT28-Linked Cyberattack

2024 - AI Incident Database