A threat actor tracked as Armored Likho is actively targeting government and electric power entities, according to a SecurityWeek report. The group employs modular remote access trojans (RATs) and information stealers to execute its operations.

The campaign appears to be driven by both financial motives and cyber espionage objectives. While the full scope of impacted systems remains unclear, the targeting of critical infrastructure elevates the risk profile for affected organizations.

Technical details indicate the use of modular malware frameworks, allowing the threat actor to adapt their toolset to specific targets. The RATs enable persistent access, while stealers exfiltrate sensitive data from compromised networks.

No specific patches or mitigation steps have been publicly detailed. Organizations in the targeted verticals should review network logs for indicators of compromise and implement enhanced monitoring for unauthorized remote access activity.

The attribution of Armored Likho remains uncertain, as SecurityWeek did not link the group to any known nation-state. The dual focus on financial theft and espionage suggests a versatile adversary capable of shifting tactics.