Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Armored Likho APT Threatens Global Government Sectors

Armored Likho APT Threatens Global Government Sectors

Posted on July 6, 2026 By CWS

An emerging advanced persistent threat (APT) group, named Armored Likho, has been identified as targeting both governmental bodies and electric power companies across several nations, according to a report by Kaspersky.

Armored Likho’s Dual-Edged Strategy

Armored Likho is involved in both financial cybercrimes aimed at individuals and espionage activities against organizations in Russia, Brazil, and Kazakhstan. The group employs a versatile toolkit, including modular remote access trojans (RATs) and information stealers such as the Python-based BusySnake Stealer. They also utilize Go2Tunnel for remote access and network tunneling.

Kaspersky highlights that this array of malware allows the threat actor to maintain covert control over infected systems, extract sensitive data, and deploy custom modules suited to the specific target and mission objectives.

Tactics and Techniques

The primary method of initial compromise used by Armored Likho is spear-phishing. They send emails with attached archives containing executables or LNK files. Once these are opened, they distract the user with decoy content while silently installing malware.

This malware includes a loader that, once executed, retrieves archives from GitHub repositories. These repositories contain early-stage development builds and test samples of the malware. The LNK files present a deceptive document while secretly downloading a Python 3.12 interpreter and an archive in the background.

Advanced Malware Capabilities

The archives feature a Python-based infostealer, BusySnake Stealer, which has numerous evasion techniques. It dynamically decrypts bytecode during function calls and encrypts it immediately afterward, all while operating without a visible console window.

BusySnake Stealer is equipped with multiple handlers to manage different functions, including stealing clipboard content, enumerating files, extracting keys, exfiltrating documents, capturing screenshots, checking for persistence, and executing commands. It can also log keystrokes, decrypt stored passwords from browsers, extract browser cookies, search for cryptocurrency wallets, obtain Telegram sessions and credentials, and establish reverse SSH tunnels for persistent access.

Initially, Armored Likho used Go2Tunnel to create reverse SSH tunnels, but this function is now integrated into the BusySnake Stealer, enhancing the attackers’ ability to maintain remote control over affected systems.

Implications and Future Outlook

Armored Likho’s activities show parallels with the Eagle Werewolf group, as both have utilized similar RAT structures and persistence mechanisms. This overlap suggests a possible collaboration or shared origin. The group’s continued evolution and sophisticated tactics pose significant threats to global cybersecurity.

The ongoing development and deployment of such advanced malware highlight the increasing need for robust cybersecurity measures. Organizations worldwide must enhance their defenses to counteract these complex cyber threats effectively.

Security Week News Tags:APT, Armored Likho, BusySnake Stealer, cyber espionage, cyber threat, Cybersecurity, electric power, GitHub, Government, Kaspersky, Malware, Python-based malware, remote access, spear-phishing

Post navigation

Previous Post: Critical Gitea Docker Flaw CVE-2026-20896 Under Attack
Next Post: Microsoft Login Exploit Used in New Phishing Attacks

Related Posts

OpenAI’s Sam Altman Warns of AI Voice Fraud Crisis in Banking OpenAI’s Sam Altman Warns of AI Voice Fraud Crisis in Banking Security Week News
Under Armour Looking Into Data Breach Affecting Customers’ Email Addresses Under Armour Looking Into Data Breach Affecting Customers’ Email Addresses Security Week News
Sandworm Mode: New NPM Supply Chain Attack Uncovered Sandworm Mode: New NPM Supply Chain Attack Uncovered Security Week News
Cox Confirms Oracle EBS Hack as Cybercriminals Name 100 Alleged Victims Cox Confirms Oracle EBS Hack as Cybercriminals Name 100 Alleged Victims Security Week News
Major GitHub Flaw Endangered Millions of Repositories Major GitHub Flaw Endangered Millions of Repositories Security Week News
UK Faces Rising Cyber Threats from Russia, Iran, China UK Faces Rising Cyber Threats from Russia, Iran, China Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark