A threat group researchers call "Armored Likho" has gained access to government agencies and electrical power entities in Russia, Brazil, and Kazakhstan.
July 6, 2026
A previously unknown advanced persistent threat (APT) group is targeting government agencies and critical infrastructure organizations in multiple countries with an extensive sophisticated malware toolkit designed to steal credentials, sensitive documents, and other high-value data.
The campaign, which researchers at Kaspersky are tracking as "Armored Likho," has so far claimed victims in Russia, Brazil, and Kazakhstan. The attacks have included both financially motivated campaigns targeted at individuals and cyber-espionage operations against organizations in those countries.
Kaspersky observed the group launching attacks through spear-phishing emails masquerading as official government communications or social assistance communications and documents. Kaspersky found the emails to contain archive files with either malicious executables or Windows shortcut files disguised as documents such as psychological tests, humanitarian aid applications, or debt clearance certificates.









