www.securityweek.com 7/6/2026, 3:20:53 PM · external

Armored Likho APT deploys BusySnake Stealer against power sector

Armored Likho APT deploys BusySnake Stealer against power sector
Developing story campaign 3 articles tracked
Armored Likho APT deploys BusySnake Stealer against power sector
CyberSIXT Evidence Panel
Primary Source securelist.com
Threat Actor
Armored Likho

A recently identified advanced persistent threat (APT) named Armored Likho targets government and electric power organizations across Russia, Brazil, and Kazakhstan. This group employs both financially motivated attacks and cyber-espionage methods. Their toolkit includes remote access trojans (RATs) like BusySnake Stealer, enabling stealthy control and data exfiltration from compromised systems. For initial access, they primarily use spear-phishing, often distributing malicious executables disguised as safe files.

BusySnake Stealer features advanced malware techniques including clipboard theft, password extraction, and reverse SSH tunneling for maintaining persistence. The operations of Armored Likho show similarities with another hacking group, Eagle Werewolf, suggesting potential collaboration or shared tactics.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline