'BusySnake' Infostealer Slithers into Critical Infrastructure Networks
ID: 081a6507-d5f8-5af8-b867-fdd07a32fd73
STIX ID: report--081a6507-d5f8-5af8-b867-fdd07a32fd73
Feed Name: Dark Reading
Kaspersky reports an Armored Likho APT campaign leveraging spear-phishing archives to deploy a previously undocumented Python infostealer named BusySnake against government and critical infrastructure organizations (and some financially motivated individual attacks). BusySnake harvests a wide range of sensitive data, can set up reverse SSH tunnels and remote access, uses PyArmor-based obfuscation and other anti-analysis techniques, and the campaign shows signs of AI-assisted code generation and tool polymorphism aimed at long-term credential theft and stealthy access.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
