<img height="1" width="1" style="display: none" alt="" src="https://px.ads.linkedin.com/collect/?pid=1098858&amp;fmt=gif">

New APT Group 'Armored Likho' Hits Critical Infrastructure with AI-Assisted Malware

Discover how the "Armored Likho" group uses AI to enhance spear-phishing attacks targeting critical infrastructure in Russia, Brazil, and Kazakhstan.
Content Team

A newly discovered threat group called "Armored Likho" is targeting government agencies and critical infrastructure across Russia, Brazil, and Kazakhstan using spear-phishing emails disguised as official government or social assistance communications.

Their main weapon is a Python-based infostealer dubbed "BusySnake" — capable of stealing passwords, cookies, cryptographic keys, and Telegram session data, while also opening backdoor access via reverse SSH tunnels. Notably, Kaspersky researchers found evidence the attackers used AI language models to generate early-stage payloads, speeding up attack development. The group's nation-state affiliation remains unconfirmed.

Source: Dark Reading

Share this article
Share on facebook Share on linkedin Share on twitter Share on email
blog_book_a_demo_cta_3x
Have questions about protecting your software?
Our escrow experts are standing by to help.
Book a free demo