Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer
Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer — [https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTOYmjevwtg2njZKR
What’s new: A new threat actor, Armored Likho, has been identified targeting government agencies and the electric power sector in Russia, Brazil, and Kazakhstan. This group utilizes a previously unreported Python-based information stealer named BusySnake, which employs advanced evasion techniques and is capable of stealing sensitive data, including cookies and credentials, while maintaining persistence on infected systems.
Who’s affected
Government agencies and organizations within the electric power sector in Russia, Brazil, and Kazakhstan are the primary targets of Armored Likho’s cyber attacks.
What to do
- Implement robust email filtering to detect and block spear-phishing attempts that may deliver malicious payloads.
- Ensure all systems are updated with the latest security patches, particularly addressing vulnerabilities like CVE-2025-9491.
- Monitor for unusual network activity, especially related to remote access tools and unauthorized data exfiltration.
- Educate staff about the risks of phishing and the importance of verifying official communications.



