A newly discovered threat group called "Armored Likho" is targeting government agencies and critical infrastructure across Russia, Brazil, and Kazakhstan using spear-phishing emails disguised as official government or social assistance communications.
Their main weapon is a Python-based infostealer dubbed "BusySnake" — capable of stealing passwords, cookies, cryptographic keys, and Telegram session data, while also opening backdoor access via reverse SSH tunnels. Notably, Kaspersky researchers found evidence the attackers used AI language models to generate early-stage payloads, speeding up attack development. The group's nation-state affiliation remains unconfirmed.
Source: Dark Reading