THE report details the activities of a new advanced persistent threat (APT) group, Armored Likho (also known as Eagle Werewolf), which employs AI-generated malware to execute campaigns against governments and electric power infrastructures in Russia, Kazakhstan, and Brazil. The group combines financial attacks with targeted espionage, utilizing a modular toolkit that includes obfuscated remote access Trojans (RATs), the BusySnake Stealer infostealer, and Go2Tunnel for network tunneling.
Their attack vectors often start with spear-phishing emails that trick victims into executing malicious payloads via disguised file attachments. Kaspersky's analysis highlights the unique coding style of the malware, implicating the use of large language models (LLMs) in its development. Despite ongoing obfuscation efforts, the group's activity remains active and focuses on credential theft and establishing persistence within infected systems.