A threat group named 'Armored Likho' has infiltrated critical infrastructure networks in Russia, Brazil, and Kazakhstan using a sophisticated malware toolkit. Their primary weapon, known as 'BusySnake Stealer', is a previously undocumented Python-based infostealer capable of harvesting sensitive information, including credentials and cryptographic data. The group's tactics involve spear-phishing emails that disguise malware as legitimate communications.
Kaspersky researchers noted the use of large language models to generate payloads and emphasized the campaign's complexity aimed at evading detection. The trend of targeting critical infrastructure underlines the escalating sophistication of cyber threats, particularly from state-backed actors.