New APT Group 'Armored Likho' Hits Critical Infrastructure with AI-Assisted Malware
Discover how the "Armored Likho" group uses AI to enhance spear-phishing attacks targeting critical infrastructure in Russia, Brazil, and Kazakhstan.
By
Content Team
ON THIS PAGE
Want more insights like this?
Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.
By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.
A newly discovered threat group called "Armored Likho" is targeting government agencies and critical infrastructure across Russia, Brazil, and Kazakhstan using spear-phishing emails disguised as official government or social assistance communications.
Their main weapon is a Python-based infostealer dubbed "BusySnake" — capable of stealing passwords, cookies, cryptographic keys, and Telegram session data, while also opening backdoor access via reverse SSH tunnels. Notably, Kaspersky researchers found evidence the attackers used AI language models to generate early-stage payloads, speeding up attack development. The group's nation-state affiliation remains unconfirmed.
Source: Dark Reading
Have questions about protecting your software?
Our escrow experts are standing by to help.
Book a free demo