logo

'BusySnake' Infostealer Slithers into Critical Infrastructure Networks

ID: 081a6507-d5f8-5af8-b867-fdd07a32fd73

STIX ID: report--081a6507-d5f8-5af8-b867-fdd07a32fd73

Feed Name: Dark Reading

Threat Score
85/100

Date Published: 2026-07-06

Date Updated: 2026-07-07

Author: Jai Vijayan

...
...

Kaspersky reports an Armored Likho APT campaign leveraging spear-phishing archives to deploy a previously undocumented Python infostealer named BusySnake against government and critical infrastructure organizations (and some financially motivated individual attacks). BusySnake harvests a wide range of sensitive data, can set up reverse SSH tunnels and remote access, uses PyArmor-based obfuscation and other anti-analysis techniques, and the campaign shows signs of AI-assisted code generation and tool polymorphism aimed at long-term credential theft and stealthy access.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.