Armored Likho APT Targeting Government, Electric Power Entities
A recently discovered advanced persistent threat (APT) actor has been targeting government and electric power organizations in multiple countries, Kaspersky reports.
Dubbed Armored Likho, the APT engages both in financially motivated attacks against individuals and in cyber-espionage operations against organizations in Russia, Brazil, and Kazakhstan.
The threat actor’s arsenal includes modular remote access trojans (RATs) and information stealers, including the Python-based BusySnake Stealer, and tools like Go2Tunnel for remote access and network tunneling.
“This diverse malware stack enables the threat actor to maintain stealthy control of compromised hosts, exfiltrate credentials and other sensitive information, and dynamically deploy downloadable modules tailored to the victim’s profile and the tasks at hand,” Kaspersky notes.
Armored Likho mainly relies on spear-phishing for initial access. Archives attached to its emails contain executables or LNK files that, once opened, display decoys while malware is being installed in the background.
A loader injected in memory via...
Copyright of this story solely belongs to securityweek.com. To see the full text click HERE