Cyber attacks against government agencies and the power sector in Russia, Brazil, and Kazakhstan have been attributed to Armored Likho. The group utilizes advanced malware techniques, including BusySnake Stealer and tools like Go2Tunnel, to maintain persistent access and steal sensitive data.
Armored Likho has been linked to cyber attacks across Russia, Brazil, and Kazakhstan, focusing on government agencies and the electric power sector. This previously undocumented threat actor utilizes a combination of financially motivated campaigns and targeted cyber espionage, as highlighted by Kaspersky's recent report.
The threat actor employs a sophisticated toolkit, including the BusySnake Stealer, which targets Windows systems. One version of this malware incorporates a module for stealing cookies from web browsers, enhancing its capability for data exfiltration. Additional tools, such as Go2Tunnel, are used for remote access and maintaining a command-and-control infrastructure.
Attacks typically start with spear-phishing emails containing lures related to official notices, delivering malicious RAR archives. These archives unpack EXE binaries that act as droppers for various payloads, which can be retrieved from GitHub repositories, enabling the installation of additional malware.
Kaspersky noted possible overlaps between Armored Likho and a similar group known as Eagle Werewolf. Both groups focus on targeting government and defense organizations, particularly those linked to UAV development. Eagle Werewolf has also shown capabilities for malware distribution via compromised Telegram channels.
This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.