Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer — [https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTOYmjevwtg2njZKR

armored-likho-targets-government-agencies-power-sector-with-busysnake-stealer

What’s new: A new threat actor, Armored Likho, has been identified targeting government agencies and the electric power sector in Russia, Brazil, and Kazakhstan. This group utilizes a previously unreported Python-based information stealer named BusySnake, which employs advanced evasion techniques and is capable of stealing sensitive data, including cookies and credentials, while maintaining persistence on infected systems.

Who’s affected

Government agencies and organizations within the electric power sector in Russia, Brazil, and Kazakhstan are the primary targets of Armored Likho’s cyber attacks.

What to do

  • Implement robust email filtering to detect and block spear-phishing attempts that may deliver malicious payloads.
  • Ensure all systems are updated with the latest security patches, particularly addressing vulnerabilities like CVE-2025-9491.
  • Monitor for unusual network activity, especially related to remote access tools and unauthorized data exfiltration.
  • Educate staff about the risks of phishing and the importance of verifying official communications.

Sources