hacker-news · Crawled Jul 5, 2026
Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer
AI Summary
A threat actor known as Armored Likho is conducting cyber espionage and financially motivated attacks against government agencies and the power sector in Russia, Brazil, and Kazakhstan. The group uses a mix of modular RATs, infostealers, and tools like Go2Tunnel for remote access and data exfiltration. A new Python-based infostealer, BusySnake Stealer, has also been identified. It steals credentials, cookies, screenshots, and documents while evading detection through obfuscation and dynamic code execution. The attacks begin with spear-phishing emails that deliver malicious payloads via RAR archives or weaponized LNK files exploiting CVE-2025-9491.
AI-extracted · verify before operational use