THE report discusses a new phishing campaign attributed to the Armored Likho APT group, targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan using the BusySnake Stealer malware. This campaign utilizes spear-phishing emails containing deceptive archives that, when opened, silently execute scripts to download and install the malware.
BusySnake Stealer, a Python-based information stealer, collects sensitive data such as passwords from browsers and can establish remote access to compromised systems. Analysts suspect the campaign employs AI tools for coding, enhancing the group's cyber-espionage and financial theft capabilities. Ongoing active investigations aim to mitigate the threats posed by this group.