Armored Likho Hits Government, Energy Sectors With BusySnake Stealer

https://hackread.com/wp-content/uploads/2026/07/armored-likho-government-energy-busysnake-stealer.jpg

Cybersecurity researchers at Kaspersky have named a previously undocumented threat actor behind an ongoing spear-phishing operation targeting government agencies and electric power organizations in Russia, Kazakhstan, and Brazil.

The group, which they call Armored Likho, is running an extensive malware toolkit built to steal credentials, sensitive documents, and other high-value data. The operation relies on a new Python-based infostealer that analysts call BusySnake, which steals credentials and sensitive files from compromised systems.

Motivation

Researchers believe that there are two motives for the group to run this campaign. One is financially motivated targeting private individuals, and the other is cyber-espionage aimed at organizations.

Kaspersky did not attribute the group to any specific nation, but noted that the campaign appears focused on credential harvesting and maintaining long-term access in government and critical infrastructure environments.

How The Attack Works

The attack chain starts with spear-phishing messages, with lure themes ranging from official government...

Copyright of this story solely belongs to hackread.com. To see the full text click HERE

Read more