APT28 Hackers Introduce First Known LLM-Powered Malware, Integrating AI into Attack Methods

Ukraine’s Computer Emergency Response Team (CERT-UA) has made public the discovery of a groundbreaking cyber campaign: malware that natively harnesses the capabilities of large language models (LLMs).

Dubbed “LAMEHUG,” this malware family is the first documented instance of a state-sponsored threat actor identified with moderate confidence as Russia-linked APT28 (also known as Fancy Bear) directly integrating LLMs to automate and augment its attack flow.

The campaign, uncovered in early July 2025, primarily targeted Ukrainian government officials using sophisticated phishing lures that attached ZIP archives containing Python executables compiled with PyInstaller.

How LAMEHUG Leverages LLM Integration

What sets LAMEHUG apart from conventional malware isn’t just its attack vector phishing emails mimicking ministry communications with attachments such as “Додаток.pdf.zip” but its technical innovation: direct, programmatic calls to Alibaba’s Qwen2.5-Coder-32B-Instruct LLM, via the Hugging Face API.

The malware submits base64-encoded prompts, which instruct the LLM to generate operating system commands tailored for information theft and reconnaissance tasks.

Each execution is thus context-sensitive and can bypass signature-based detection, underscoring a leap in malware dynamism.

CERT-UA reports several LAMEHUG variants, including executables posing as productivity tools and image generators (e.g., AI_generator_uncensored_Canvas_PRO_v0.9.exe, AI_image_generator_v0.95.exe, and scripts like Image.py).

Throughout, the core attack logic remains consistent: encode malicious objective as a text prompt, send to a commercial LLM using a pool of approximately 270 authentication tokens, receive human-like synthetic commands, execute them on the infected host, and proceed to data exfiltration.

Prompts reverse-engineered from the samples instruct the LLM to, for example, gather system and user information, copy office documents, and exfiltrate this data.

Proof-of-Concept Nature

Unlike typical APT28 operations, LAMEHUG’s coding and operational sophistication appear intentionally simplistic, lacking evasion features or anti-forensics.

The AI integration is direct rather than obfuscated; prompts and API traffic are only superficially hidden via encoding.

This operational profile, paired with observed variant proliferation and differences in exfiltration (HTTP POST vs. SFTP), strongly suggests a proof-of-concept (PoC) exploratory exercise by APT28.

Ukraine’s status as a recurring testbed for Russian threat actors likely influenced its selection as the target environment.

CERT-UA attributes the campaign to APT28 with moderate confidence, referencing distinct overlaps with historical tactics and infrastructure.

This campaign highlights significant challenges ahead for enterprise defenders. Because commands are generated by a highly capable LLM in real-time, static and signature-based security solutions will struggle to detect such threats.

API communications blend in with legitimate cloud AI workloads. Additionally, behavioral detection must now contend with the near-infinite variety of actions an LLM can synthesize on-demand.

The emergence of LAMEHUG portends a future where AI-powered malware is customized per-target, can rapidly adapt techniques, and uses trusted infrastructures for both command issuance and data exfiltration.

Security experts recommend adopting strict controls over AI platform usage monitoring and restricting access to LLM services, enforcing AI-aware data loss prevention mechanisms, and employing machine-learning driven anomaly detection at both endpoint and network levels.

Modern SASE and XDR platforms, integrating ML-based behavioral analytics and cloud access security, are presented as critical countermeasures in this new era of AI-driven cyberattacks.

The LAMEHUG operation marks a turning point: the PoC test may be simple, but it demonstrates how state-sponsored actors are now operationalizing LLMs to perform automated reconnaissance, exfiltration, and attack evolution, laying groundwork for more mature, evasive, and impactful AI-powered campaigns in future conflicts.

Indicators of Compromise (IoCs)

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates