The Hacker News

Armored Likho Targets Governments, Power Sector with BusySnake

A previously undocumented threat actor, identified as Armored Likho, has been linked to cyber attacks targeting government agencies and the electric power sector in Russia, Brazil, and Kazakhstan. Kaspersky researchers published a technical analysis today detailing the group's activities. Armored Likho is noted for its dual approach, combining financially motivated campaigns against individuals with targeted cyber espionage against organizations.

The threat actor uses a custom information stealer known as BusySnake. The malware is designed to exfiltrate sensitive data, including credentials, system information, and potentially other confidential files. The attacks appear to be sophisticated, employing techniques to evade detection and maintain persistence within compromised networks. The specific motivations behind the cyber espionage activities remain under investigation, but the targeting of government and critical infrastructure suggests a focus on intelligence gathering or disruption.

Kaspersky's analysis highlights that Armored Likho's operational infrastructure and tactics, techniques, and procedures (TTPs) suggest a well-resourced and organized group. The geographical spread of the attacks across three distinct countries indicates a broad operational scope. The BusySnake stealer's capabilities are continuously being updated, posing an evolving threat to the targeted sectors. Further research is ongoing to fully understand the extent of Armored Likho's operations and its potential impact on national security and critical infrastructure.
