Angry Likho: Inside a Rapidly Growing Espionage Threat Targeting Eastern Europe
ID: 5fac7920-8769-59cb-a33e-e28ba750b667
STIX ID: report--5fac7920-8769-59cb-a33e-e28ba750b667
Feed Name: Brandefense Blog
Angry Likho is profiled as a mid-tier APT focused on espionage against government, military, and critical infrastructure targets across Eastern Europe (notably Ukraine, Poland, the Baltic states, and Moldova). The report documents the group's reliance on realistic phishing lures, minimalistic modular malware (PowerShell/C#, macro loaders, clipboard monitors, credential harvesters), short-lived, cloud-aware C2 infrastructure, persistence via scheduled tasks and registry keys, and evolving OPSEC through 2025. It concludes with defensive recommendations including stronger phishing defenses, MFA, cloud monitoring, and behavioral EDR.
