A threat group tracked as Armored Likho has deployed a new infostealer malware, dubbed BusySnake, against critical infrastructure networks. The campaign has compromised government agencies and electrical power entities in Russia, Brazil, and Kazakhstan, according to Dark Reading.

BusySnake functions as a credential and data theft tool, specifically targeting sensitive information from compromised systems. The malware's operators have demonstrated a focus on high-value targets within essential services, though the full scope of the infiltration remains under investigation.

Technical details on the attack vector are limited, but the malware is believed to propagate through phishing campaigns and exploit publicly known vulnerabilities. Indicators of compromise include unauthorized data exfiltration to remote servers and the presence of unusual process activity on affected machines.

No patches or specific mitigation steps have been released publicly, as the threat is still being analyzed. Organizations in the energy and government sectors are advised to enforce strict access controls, monitor for anomalous network traffic, and conduct thorough system audits.

Attribution points to Armored Likho, a group previously linked to cyber espionage campaigns. The targeting of multiple countries suggests a coordinated effort, though the ultimate motivations—financial gain or state-sponsored intelligence collection—remain unclear.