Close Menu

    Subscribe to Updates

    Get the latest Tech news from SynapseFlow

    What's Hot

    BOMBSHELLS In Morgan Stanley Adam Jonas SpaceX Analysis Up to 2028 or 2030

    July 8, 2026

    Sony Bravia Theater Bar 7 review: one step forward, two steps back

    July 8, 2026

    How to optimize Workflow with Scheduled Copilot Cowork Tasks

    July 8, 2026
    Facebook X (Twitter) Instagram
    • Homepage
    • About Us
    • Contact Us
    • Privacy Policy
    Facebook X (Twitter) Instagram YouTube
    synapseflow.co.uksynapseflow.co.uk
    • AI News & Updates
    • Cybersecurity
    • Future Tech
    • Reviews
    • Software & Apps
    • Tech Gadgets
    synapseflow.co.uksynapseflow.co.uk
    Home»Cybersecurity»Armored Likho APT Targeting Government, Electric Power Entities
    Armored Likho APT Targeting Government, Electric Power Entities
    Cybersecurity

    Armored Likho APT Targeting Government, Electric Power Entities

    The Tech GuyBy The Tech GuyJuly 7, 2026No Comments3 Mins Read0 Views
    Share
    Facebook Twitter LinkedIn Pinterest Email
    Advertisement


    A recently discovered advanced persistent threat (APT) actor has been targeting government and electric power organizations in multiple countries, Kaspersky reports.

    Advertisement

    Dubbed Armored Likho, the APT engages both in financially motivated attacks against individuals and in cyber-espionage operations against organizations in Russia, Brazil, and Kazakhstan.

    The threat actor’s arsenal includes modular remote access trojans (RATs) and information stealers, including the Python-based BusySnake Stealer, and tools like Go2Tunnel for remote access and network tunneling.

    “This diverse malware stack enables the threat actor to maintain stealthy control of compromised hosts, exfiltrate credentials and other sensitive information, and dynamically deploy downloadable modules tailored to the victim’s profile and the tasks at hand,” Kaspersky notes.

    Armored Likho mainly relies on spear-phishing for initial access. Archives attached to its emails contain executables or LNK files that, once opened, display decoys while malware is being installed in the background.

    A loader injected in memory via such an executable was seen fetching archives from GitHub repositories that contain early development builds and test samples of the malware. The LNK files display a fake document while a Python 3.12 interpreter and an archive are fetched in the background.

    Advertisement. Scroll to continue reading.

    Among other components, the archives contain a Python-based infostealer that Kaspersky tracks as BusySnake Stealer. The malware packs multiple evasion techniques and dynamically decrypts bytecode when a function is called, encrypting it immediately after, and runs in the background without a console window.

    The stealer relies on multiple handlers for various functions, such as clipboard theft, file enumeration, 64-character hexadecimal key extraction, document exfiltration, screenshot capture, screenshot archiving, persistence checks, and command execution.

    Based on commands received from the command-and-control (C&C) server, the malware can capture screenshots, exfiltrate logged keystroke data, decrypt stored passwords from Chromium-based and Firefox browsers, extract cookies from browsers, scrape the machine for OTP keys, find cryptocurrency wallets, harvest Telegram sessions and credentials, establish a reverse SSH tunnel, and restart RustDesk to capture users’ credentials.

    Before BusySnake Stealer, Armored Likho relied on Go2Tunnel to establish a reverse SSH tunnel, but has implemented the functionality into the infostealer, which can now provide the attackers with persistent remote access and interactive control over the victim’s system.

    Armored Likho’s operations appear to overlap with Eagle Werewolf activity. Previously, the hacking group was seen using the AquilaRAT RAT, which shares a similar structure and persistence mechanism with BusySnake Stealer.

    Related: Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets

    Related: New ‘Mistic’ RAT Opens Door to Several Ransomware Families

    Related: Hackers Target Global Stock Exchange in Espionage Operation

    Related: Sophisticated Deep#Door Backdoor Enables Espionage, Disruption

    Advertisement
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    The Tech Guy
    • Website

    Related Posts

    Webinar Today: Why Email Security Keeps Failing

    July 8, 2026

    Critical Adobe ColdFusion Vulnerability Exploited in Attacks

    July 8, 2026

    Critical Gitea Flaw Under Active Exploitation, Researchers Warn

    July 8, 2026

    County Government Reportedly Paid $1 Million to Cyber Extortion Group

    July 7, 2026

    CISA Reportedly Using Anthropic’s Mythos to Scan Government Software for Flaws

    July 7, 2026

    The Shift Toward Business-Aligned Risk Management

    July 7, 2026
    Leave A Reply Cancel Reply

    Advertisement
    Top Posts

    You don’t need a NAS to self-host — I proved it with hardware from my closet

    June 7, 2026253 Views

    Spotify is giving one of its best playlists a big visual upgrade to give subscribers ‘a closer connection’ to its New Music Friday curators — and I think it could be the update it’s always needed

    June 12, 2026157 Views

    The iPad Air brand makes no sense – it needs a rethink

    October 12, 202516 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Advertisement
    About Us
    About Us

    SynapseFlow brings you the latest updates in Technology, AI, and Gadgets from innovations and reviews to future trends. Stay smart, stay updated with the tech world every day!

    Our Picks

    BOMBSHELLS In Morgan Stanley Adam Jonas SpaceX Analysis Up to 2028 or 2030

    July 8, 2026

    Sony Bravia Theater Bar 7 review: one step forward, two steps back

    July 8, 2026

    How to optimize Workflow with Scheduled Copilot Cowork Tasks

    July 8, 2026
    categories
    • AI News & Updates
    • Cybersecurity
    • Future Tech
    • Reviews
    • Software & Apps
    • Tech Gadgets
    Facebook X (Twitter) Instagram Pinterest YouTube Dribbble
    • Homepage
    • About Us
    • Contact Us
    • Privacy Policy
    © 2026 SynapseFlow All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.

    Ad Blocker Enabled!
    Ad Blocker Enabled!
    Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.