🟠 High  |  Source: The Hacker News


A newly identified threat group called Armored Likho is conducting cyber attacks against government agencies and energy sector organisations in Russia, Brazil, and Kazakhstan using a malware strain dubbed BusySnake. The group is unusual in that it blends financially motivated attacks on individuals with targeted espionage campaigns against critical infrastructure, a combination that makes attribution and defence more complex.

Security Architect’s Take: Review your organisation’s email gateway and endpoint controls for stealer malware indicators, particularly if you operate in government or energy sectors. Ensure cloud-hosted workloads and identity stores are monitored for credential harvesting activity, as stealers frequently exfiltrate cloud access tokens and session cookies.

Original advisory: Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer