Lazy Koala preys on civil servants: hackers stole data of 867 employees in Russia and the CIS

Difficult doesn't mean better: the group doesn't disdain simple but effective methods.

Experts from the Positive Technologies Cybersecurity Center (PT ESC) have identified a new hacker group called Lazy Koala. Despite using primitive but effective attack methods, the criminals managed to compromise about 867 accounts of employees of organizations from Russia and six CIS countries.

During the threat study, PT ESC specialists identified a series of cyber attacks directed against government, financial, medical and educational institutions in Russia, Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan and Armenia. Behind the attacks is a previously unknown group, which the experts named Lazy Koala because of its elementary techniques and the username Koala, who managed the Telegram bots holding the stolen data. No links were found to other hacker groups using similar methods.

According to the results of the study, the attackers' main goal was to steal credentials for various services from the computers of employees of state organizations. Presumably, the stolen information will be used for further attacks on the companies' internal systems or sold as cyber services on the shadow market.

Positive Technologies notes that the new group adheres to the principle "difficult does not mean better". Lazy Koala doesn't use sophisticated tools, tactics, or techniques, but it does succeed. Their main weapon is a primitive Python password stealer, which, according to the company's experts, is distributed using classic phishing. Attackers convince the victim to open the attachment and run the desired file in the browser, and the attachments are prepared in the national language of each country. After the device is infected, the malware sends the stolen data via Telegram.

Phishing is still one of the main ways for intruders to break into corporate infrastructure. Users are advised to exercise caution: do not open suspicious emails and attachments, do not click on unknown links, do not download software from unverified sources, and use only licensed versions from trusted sources. Organizations should inform employees about the various types of phishing and new fraud schemes.

To detect such attacks, it is necessary to use specialized security tools, and to analyze and prevent cyber incidents, organizations should involve cybersecurity professionals.
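A detection example added here by the editor, not part of the article or of Positive Technologies' research: it scans constructed web-proxy log lines for uploads to the Telegram Bot API, the exfiltration channel the article describes, and scores a hit higher when the client is a scripted HTTP library (as a Python stealer would use) rather than a browser. The log format, hostnames and bot tokens are all assumptions constructed for the example.

```python
import re
from typing import Dict, List

# Constructed sample proxy log lines (not from the article):
# <timestamp> <workstation> <method> <url> "<user-agent>". Tokens are fake.
SAMPLE_LOGS = [
    '2024-03-12T10:01:05 ws-017 POST https://api.telegram.org/bot1234567890:AAFakeTokenForExample/sendDocument "python-requests/2.31.0"',
    '2024-03-12T10:01:09 ws-017 GET https://web.telegram.org/ "Mozilla/5.0 (Windows NT 10.0) Chrome/122.0"',
    '2024-03-12T10:02:44 ws-042 POST https://api.telegram.org/bot9876543210:BBAnotherFakeToken/sendMessage "Mozilla/5.0 (Windows NT 10.0) Chrome/122.0"',
    '2024-03-12T10:03:10 ws-101 GET https://example.org/index.html "python-requests/2.31.0"',
]

LOG_RE = re.compile(r'^(?P<ts>\S+) (?P<host>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "(?P<ua>[^"]*)"$')
# Bot API URLs look like https://api.telegram.org/bot<bot_id>:<secret>/<apiMethod>.
# Only the numeric bot_id is kept as a pivot so the secret never lands in a report.
BOT_API_RE = re.compile(r'^https://api\.telegram\.org/bot(?P<bot_id>\d+):[A-Za-z0-9_-]+/(?P<api_method>\w+)')
SCRIPT_UA_RE = re.compile(r'python-requests|python-urllib|aiohttp|curl|wget', re.I)
# Methods that push content out of the endpoint; sendDocument is the classic stealer upload.
UPLOAD_METHODS = {'sendDocument', 'sendMessage', 'sendPhoto'}


def analyze(lines: List[str]) -> List[Dict]:
    """Return one finding per request to the Telegram Bot API, with a risk score."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the whole run
        b = BOT_API_RE.match(m['url'])
        if not b:
            continue  # ordinary Telegram web traffic (web.telegram.org) is not the bot API
        score, reasons = 1, ['telegram_bot_api']
        if b['api_method'] in UPLOAD_METHODS:
            score += 1
            reasons.append('upload_method:' + b['api_method'])
        if SCRIPT_UA_RE.search(m['ua']):
            score += 2  # a non-browser client talking to a bot endpoint is the strongest signal
            reasons.append('scripted_client')
        findings.append({'host': m['host'], 'bot_id': b['bot_id'], 'score': score, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in analyze(SAMPLE_LOGS):
        print(f)
```

Hits with score 4 (bot API upload from a scripted client) are the ones worth triaging first; the bot_id gives a pivot to find other workstations reporting to the same bot.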