{
	"id": "e97201bd-cece-4d9d-a060-6a73b34064da",
	"created_at": "2026-04-06T00:17:47.24525Z",
	"updated_at": "2026-04-10T03:36:59.856609Z",
	"deleted_at": null,
	"sha1_hash": "4ec2e86310105f7430e766c941a4397fe250ac62",
	"title": "MITRE: Russian APT28's LameHug, a Pilot for Future AI Cyber-Attacks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 307601,
	"plain_text": "MITRE: Russian APT28's LameHug, a Pilot for Future AI Cyber-Attacks\r\nBy Kevin Poireault\r\nPublished: 2025-08-12 · Archived: 2026-04-05 14:25:19 UTC\r\nAPT28’s LameHug wasn’t just malware, it was a trial run for AI-driven cyber war, according to experts at\r\nMITRE.\r\nMarissa Dotter, lead AI Engineer at MITRE, and Gianpaolo Russo, principal AI/cyber operations Engineer at\r\nMITRE, shared their work with MITRE’s new Offensive Cyber Capability Unified LLM Testing (OCCULT)\r\nframework at the pre-Black Hat AI Summit, a one-day event held in Las Vegas on August 5.\r\nThe OCCULT framework initiative started in the spring of 2024 and aimed to measure autonomous agent\r\nbehaviors and evaluate the performance of large language models (LLMs) and AI agents in offensive cyber\r\ncapabilities.\r\nSpeaking to Infosecurity during Black Hat, Dotter and Russo explained that the emergence of LameHug, revealed\r\nby a July 2025 report by the National Computer Emergency Response Team of Ukraine (CERT-UA), was a good\r\nopportunity to showcase the work their team has been conducting with OCCULT for the past year.\r\n“When we first were making this briefing [for the AI Summit talk], there was no publicly documented example of\r\nactual malware integrating LLM capabilities. So, I was a little worried that people would think we were talking\r\nsci-fi,” admitted Russo.\r\n“But then, the report about APT28’s LameHug campaign dropped, and that allowed us to show that what we’re\r\nevaluating is no longer sci-fi.”\r\nLameHug: A “Primitive” Testbed for Future AI-Powered Attacks\r\nThe LameHug malware is developed in Python and relies on the application programming interface of Hugging\r\nFace, an AI model repository, to interact with Alibaba’s open-weight LLM Qwen2.5-Coder-32B-Instruct.\r\nCERT-UA specialists said that a compromised email account was used to disseminate emails containing the\r\nmalicious software.\r\nRusso described the operation as “fairly primitive,” emphasizing that instead of embedding malicious payloads or\r\nexfiltration logic directly in the malware, LameHug carried only natural language task descriptions.\r\n“If you were scanning these binaries, you wouldn’t find any malicious payloads, process injections, exfil logic,\r\netc. Instead, the malware would reach out to an inference provider, in this case, Hugging Face, and have the LLM\r\nresolve the natural language tasks into code that it could execute. Then it would have these dynamic commands to\r\nexecute,” Russo said.\r\nhttps://www.infosecurity-magazine.com/news/mitre-russian-apt28-lamehug/\r\nPage 1 of 4\n\nThis approach allowed the malware to evade traditional detection techniques, as the actual malicious logic was\r\ngenerated on demand by the LLM, rather than being statically present in the binary.\r\nRusso further noted that there was no “intelligent control” in LameHug. All the control was scripted by the human\r\noperators, with the LLM handling only low-level activities.\r\nHe characterized the campaign as a pilot or test.\r\n“We can kind of see they’re starting to pilot some of these technologies out in the threat space,” Russo said.\r\nHe also pointed out that his team had developed a nearly identical prototype in their lab, underscoring that the\r\ntechniques used were not particularly sophisticated but represented a significant shift in the threat landscape.\r\nSource: MITRE\r\nHowever, Russo believes that we’re soon going to see attack campaigns where an LLM or other AI-based control\r\nsystem is given “more reasoning and even decision-making capacity.”\r\n“This is where the kind of self-sufficient, autonomous agents come into play, with attacks where every agent has\r\nits own reasoning capacity, so there is no dependency on a single communications path. The control would\r\nessentially be decentralized,” he explained.\r\nRusso argued that this type of multi-autonomous agent campaign will allow threat actors to overcome the “human\r\nattention bottlenecks” and allow larger-scale attacks.\r\n“When these bottlenecks are taken away, human attention can scale up to where operators only manage very high-level control. So, the human operator would work at the strategic level, interrogating multiple target spaces at once\r\nand scaling up their operations,” he added.\r\nIntroducing MITRE OCCULT\r\nThis type of scenario is the motivation behind the start of the OCCULT project.\r\n“We started to see the first LLMs trained for cyber purposes, either in research environments, like Pentest GPT, or\r\nby threat actors. Quickly, we identified a gap. These models were coming out, but there weren't a lot of\r\nevaluations to estimate their capabilities or the implications of actors leveraging them,” Dotter said.\r\nShe highlighted that most cyber benchmarks for LLMs were “one-off tests” or were focused on specific tasks,\r\nsuch as evaluating LLMs' capabilities at capture-the-flag (CTF) competitions, cyber threat intelligence accuracy,\r\nor vulnerability discovery capabilities, but not on offensive cyber capabilities.\r\nBuilding on a decade of MITRE’s internal research and development (R\u0026D) in autonomous cyber operations,\r\nOCCULT was created as both a methodology and a platform for evaluating AI models in cyber offense scenarios\r\nagainst real-world techniques, tactics and procedures (TTP) mapping frameworks like MITRE ATT\u0026CK.\r\nThe project aims to create test and benchmark suites by using simulation environments.\r\nDotter told Infosecurity that OCCULT uses a high-fidelity simulation platform called CyberLayer, which acts as a\r\ndigital twin of real-world networks.\r\n“CyberLayer is designed to be indistinguishable from a real terminal, providing the same outputs and interactions\r\nas an actual network environment. This enables the team to observe how AI models interact with command lines,\r\nuse cyber tools and make decisions in a controlled, repeatable way,” Dotter explained.\r\nThe OCCULT team integrates a range of open-source tools into its simulation environment. These include:\r\nMITRE Caldera, a well-known adversary emulation platform\r\nLangfuse, an LLM engineering platform\r\nGradio, an engine to build machine learning applications\r\nBloodHound, a tool designed to map out and analyze attack paths in Active Directory (AD) environments\r\nand, more recently, model context protocol (MCP) infrastructure\r\nSource: MITRE\r\n“We want to pair [LLMs] with novel infrastructure, like simulated cyber ranges, emulation range and other tools\r\nso we get this really rich data collection of not only how the LLMs are interacting with the command line, but also\r\nthe tool calling they’re using, their reasoning, their outputs, what’s happening on the network,” Dotter added.\r\nBy pairing LLMs with Caldera and other cyber toolkits, they can also observe how AI agents perform real\r\noffensive actions, such as lateral movement, credential harvesting and network enumeration.\r\nThis approach allows them to measure not just whether an AI can perform a task, but how well it does so, how it\r\nadapts over time and what its detection footprint looks like.\r\nLooking ahead, the OCCULT team plans to:\r\nExpand the range of models and scenarios tested, keeping pace with the rapid development of new LLMs\r\nand AI agents\r\nDevelop more comprehensive and polished evaluation categories, including operational scenarios, tool/data\r\nexploitation and knowledge tests\r\nContinue building out the simulation and automation infrastructure, making it easier to drop in new models\r\nand run large-scale evaluations\r\nShare findings – through research papers – and tools with the broader community, to make OCCULT as\r\nopen-source and community-driven as possible\r\nExplore the creation of a community or center for evaluating cyber agents, enabling collaborative\r\nbenchmarking and raising the bar for both offense and defense in AI-driven cyber operations\r\nSource: https://www.infosecurity-magazine.com/news/mitre-russian-apt28-lamehug/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.infosecurity-magazine.com/news/mitre-russian-apt28-lamehug/"
	],
	"report_names": [
		"mitre-russian-apt28-lamehug"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "3fff98c9-ad02-401d-9d4b-f78b5b634f31",
			"created_at": "2023-01-06T13:46:38.376868Z",
			"updated_at": "2026-04-10T02:00:02.949077Z",
			"deleted_at": null,
			"main_name": "Cleaver",
			"aliases": [
				"G0003",
				"Operation Cleaver",
				"Op Cleaver",
				"Tarh Andishan",
				"Alibaba",
				"TG-2889",
				"Cobalt Gypsy"
			],
			"source_name": "MISPGALAXY:Cleaver",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "730dfa6e-572d-473c-9267-ea1597d1a42b",
			"created_at": "2023-01-06T13:46:38.389985Z",
			"updated_at": "2026-04-10T02:00:02.954105Z",
			"deleted_at": null,
			"main_name": "APT28",
			"aliases": [
				"Pawn Storm",
				"ATK5",
				"Fighting Ursa",
				"Blue Athena",
				"TA422",
				"T-APT-12",
				"APT-C-20",
				"UAC-0001",
				"IRON TWILIGHT",
				"SIG40",
				"UAC-0028",
				"Sofacy",
				"BlueDelta",
				"Fancy Bear",
				"GruesomeLarch",
				"Group 74",
				"ITG05",
				"FROZENLAKE",
				"Forest Blizzard",
				"FANCY BEAR",
				"Sednit",
				"SNAKEMACKEREL",
				"Tsar Team",
				"TG-4127",
				"STRONTIUM",
				"Grizzly Steppe",
				"G0007"
			],
			"source_name": "MISPGALAXY:APT28",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "e3767160-695d-4360-8b2e-d5274db3f7cd",
			"created_at": "2022-10-25T16:47:55.914348Z",
			"updated_at": "2026-04-10T02:00:03.610018Z",
			"deleted_at": null,
			"main_name": "IRON TWILIGHT",
			"aliases": [
				"APT28 ",
				"ATK5 ",
				"Blue Athena ",
				"BlueDelta ",
				"FROZENLAKE ",
				"Fancy Bear ",
				"Fighting Ursa ",
				"Forest Blizzard ",
				"GRAPHITE ",
				"Group 74 ",
				"PawnStorm ",
				"STRONTIUM ",
				"Sednit ",
				"Snakemackerel ",
				"Sofacy ",
				"TA422 ",
				"TG-4127 ",
				"Tsar Team ",
				"UAC-0001 "
			],
			"source_name": "Secureworks:IRON TWILIGHT",
			"tools": [
				"Downdelph",
				"EVILTOSS",
				"SEDUPLOADER",
				"SHARPFRONT"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "ae320ed7-9a63-42ed-944b-44ada7313495",
			"created_at": "2022-10-25T15:50:23.671663Z",
			"updated_at": "2026-04-10T02:00:05.283292Z",
			"deleted_at": null,
			"main_name": "APT28",
			"aliases": [
				"APT28",
				"IRON TWILIGHT",
				"SNAKEMACKEREL",
				"Group 74",
				"Sednit",
				"Sofacy",
				"Pawn Storm",
				"Fancy Bear",
				"STRONTIUM",
				"Tsar Team",
				"Threat Group-4127",
				"TG-4127",
				"Forest Blizzard",
				"FROZENLAKE",
				"GruesomeLarch"
			],
			"source_name": "MITRE:APT28",
			"tools": [
				"Wevtutil",
				"certutil",
				"Forfiles",
				"DealersChoice",
				"Mimikatz",
				"ADVSTORESHELL",
				"Komplex",
				"HIDEDRV",
				"JHUHUGIT",
				"Koadic",
				"Winexe",
				"cipher.exe",
				"XTunnel",
				"Drovorub",
				"CORESHELL",
				"OLDBAIT",
				"Downdelph",
				"XAgentOSX",
				"USBStealer",
				"Zebrocy",
				"reGeorg",
				"Fysbis",
				"LoJax"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434667,
	"ts_updated_at": 1775792219,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4ec2e86310105f7430e766c941a4397fe250ac62.pdf",
		"text": "https://archive.orkl.eu/4ec2e86310105f7430e766c941a4397fe250ac62.txt",
		"img": "https://archive.orkl.eu/4ec2e86310105f7430e766c941a4397fe250ac62.jpg"
	}
}