www.darkreading.com 7/6/2026, 10:11:06 PM · external

'BusySnake' Infostealer Slithers into Critical Infrastructure Networks

'BusySnake' Infostealer Slithers into Critical Infrastructure Networks
Developing story campaign 4 articles tracked
Armored Likho APT deploys BusySnake Stealer against power sector
CyberSIXT Evidence Panel
Primary Source securelist.com
Threat Actor
Armored Likho

A threat group named 'Armored Likho' has infiltrated critical infrastructure networks in Russia, Brazil, and Kazakhstan using a sophisticated malware toolkit. Their primary weapon, known as 'BusySnake Stealer', is a previously undocumented Python-based infostealer capable of harvesting sensitive information, including credentials and cryptographic data. The group's tactics involve spear-phishing emails that disguise malware as legitimate communications.

Kaspersky researchers noted the use of large language models to generate payloads and emphasized the campaign's complexity aimed at evading detection. The trend of targeting critical infrastructure underlines the escalating sophistication of cyber threats, particularly from state-backed actors.

View Primary Source Via www.darkreading.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline