Cybersecurity · July 3, 2026 · via The Hacker News

Armored Likho strikes governments and power grids with new malware

A previously unknown cyber threat actor named Armored Likho has been linked to attacks on government agencies and electric power companies in Russia, Brazil, and Kazakhstan. Security researchers at Kaspersky report that the group combines financially driven operations against individuals with targeted cyber espionage against organizations.

A dual-purpose threat actor

Armored Likho does not fit the typical profile of state-sponsored groups or common cybercriminals. According to Kaspersky’s analysis, the actor conducts both bulk phishing campaigns aimed at extracting money from private users and highly focused intrusions into critical infrastructure. This dual approach suggests a flexible and opportunistic operation rather than one focused solely on espionage.

New malware in the toolbox

The group relies on a recently identified information-stealing malware called BusySnake. The stealer is designed to harvest sensitive data from compromised systems, including credentials, documents, and system information. While BusySnake appears to be a relatively new tool, its deployment in conjunction with Armored Likho’s broader tactics indicates a deliberate effort to expand the group’s capabilities.

What this means for defenders

The cross-border targeting of both government networks and energy infrastructure raises concerns about potential supply-chain or operational disruptions. Organizations in affected regions should review endpoint detection rules, update threat intelligence feeds, and reinforce staff training against phishing attempts. Early detection remains the most effective way to limit the impact of such versatile adversaries.


Source: The Hacker News. AI-assisted editorial synthesis — TechnoExpress.
