Awaken Likho, a threat actor identified as an Advanced Persistent Threat (APT) group, has been active since at least July 2021, primarily targeting government organizations and contractors. This cyber adversary gained significant attention after ramping up its activities following the onset of the Russo-Ukrainian conflict. Awaken Likho operators typically employ search engines to gather extensive information about their victims, crafting convincing messages to further their malicious campaigns. The group, also referred to as Core Werewolf by some vendors, is known for its ability to adjust its Tactics, Techniques, and Procedures (TTPs) to maintain effectiveness.
A new Awaken Likho campaign was discovered in May 2024, in which slight adjustments to the group's TTPs were observed. This evolution in strategy shows that the group is adaptable and remains a persistent threat. In June 2024, another campaign was uncovered, showcasing further modifications in its TTPs. This campaign is still ongoing, reflecting the group's relentless pursuit of its objectives. Our team has been actively tracking these campaigns since their inception and published three detailed reports in August and September 2024 through our threat research subscription service.
Given the group's history and demonstrated capabilities, we expect Awaken Likho to continue its malicious operations, specifically targeting and infiltrating selected infrastructure in future attacks. Based on the TTPs used and the victim information, we hold with high confidence that Awaken Likho is behind these campaigns. As such, organizations, particularly those in government sectors and related contractors, are urged to remain vigilant and adopt robust cybersecurity measures to mitigate potential threats.
Description last updated: 2024-11-28T11:44:58.310Z