Cybersecurity researchers at Positive Technologies Expert Security Center (PT ESC) recently uncovered a new threat actor they’ve named Lazy Koala. Despite lacking sophistication, this group has managed to achieve significant results.
The report reveals that Lazy Koala is targeting enterprises primarily in Russia and six other Commonwealth of Independent States countries: Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. Their victims belong to government agencies, financial institutions, and educational establishments. Their primary aim is to acquire login credentials for various services.
According to the researchers, nearly 900 accounts have been compromised so far. The purpose behind the stolen information remains unclear, but it’s suspected that it may either be sold on the dark web or utilized in more severe subsequent attacks.
The modus operandi of Lazy Koala involves simple yet effective tactics. They employ convincing phishing attacks, often using native languages to lure victims into downloading and executing attachments. These attachments contain a basic password-stealing malware. The stolen files are then exfiltrated through Telegram bots, with the individual managing these bots being dubbed Koala, hence the group’s name.
Denis Kuvshinov, Head of Threat Analysis at PT ESC, describes Lazy Koala’s approach as “harder
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: