Successful hacking techniques don’t always have to be highly advanced. Lazy Koala is a prime example of this.
A new threat actor named Lazy Koala has been discovered by cybersecurity researchers from Positive Technologies Expert Security Center (PT ESC). Despite its lack of sophistication, the group has achieved remarkable results.
Lazy Koala is targeting enterprises in Russia and six Commonwealth of Independent States countries – Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. Their victims primarily come from government agencies, financial organizations, and educational institutions, with a focus on obtaining login credentials for various services.
Exfiltration via Telegram
According to the researchers, nearly 900 accounts have been compromised so far. The attackers’ motives remain unclear, but it is suspected that they are either selling the information on the dark web or using it for more destructive attacks.
The attacks are relatively simple: convincing phishing emails written in the victims' local languages trick recipients into downloading and running an attachment. The attachments carry a basic password-stealing malware.
The stolen credentials are then exfiltrated through Telegram bots. The individual managing these bots is referred to as Koala, which inspired the group's name.
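The article gives no indicators for Lazy Koala's bots, but the exfiltration channel it describes is generic enough to detect: every Telegram Bot API call goes to `api.telegram.org` with the bot token embedded in the URL path (`/bot<numeric id>:<secret>/<method>`), and a stealer uploading loot would use `sendDocument` or `sendMessage`. The following detection logic is an added example written for this page, not code from PT ESC or the campaign; the proxy log format, the bot tokens and the sample lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Telegram Bot API requests look like https://api.telegram.org/bot<token>/<method>,
# where <token> is "<numeric bot id>:<secret>". The token in the URL is itself an
# indicator worth capturing: it identifies the attacker's bot, not the victim.
BOT_PATH_RE = re.compile(r"^/bot(\d+:[A-Za-z0-9_-]{30,})/(\w+)")

# Methods a stealer would use to push data out (constructed list, not exhaustive).
UPLOAD_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}

# Assumed proxy log format (constructed for this example):
#   <timestamp> <src ip> <http method> <url> <status> "<user agent>" <bytes sent>
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)" (\d+)$')

# Constructed sample log lines; the bot ids and tokens are made up, not real IOCs.
SAMPLE_LOG = """\
2024-04-01T09:12:03Z 10.0.5.23 POST https://api.telegram.org/bot1234567890:AAF8k3q7t2r9yZwLpQ1xVb0nMc4eRtYuIoP/sendDocument 200 "Mozilla/4.0" 48211
2024-04-01T09:12:05Z 10.0.5.23 GET https://www.google.com/search?q=weather 200 "Mozilla/5.0 (Windows NT 10.0) Chrome/123" 1502
2024-04-01T09:13:10Z 10.0.7.41 GET https://api.telegram.org/bot9876543210:BBGh7j2k4m6n8p1q3r5s7t9v0w2x4y6z8a1b/getMe 200 "python-requests/2.31" 310
2024-04-01T09:14:00Z 10.0.9.9 GET https://web.telegram.org/a/ 200 "Mozilla/5.0 (Windows NT 10.0) Chrome/123" 9000
"""


def parse_line(line):
    """Split one proxy log line into fields; return None for lines that don't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, src, method, url, status, ua, size = m.groups()
    return {"ts": ts, "src": src, "method": method, "url": url,
            "status": int(status), "ua": ua, "bytes": int(size)}


def classify(rec):
    """Return a finding if the request is a Telegram Bot API call, else None.

    Ordinary Telegram client traffic (web.telegram.org, MTProto) never carries a
    bot token in the URL path, so a match on the /bot<token>/ pattern from an
    endpoint in an enterprise network is suspicious on its own; a POST to an
    upload method is rated high because that is the exfiltration step.
    """
    parts = urlsplit(rec["url"])
    if parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(parts.path)
    if not m:
        return None
    token, api_method = m.groups()
    bot_id = token.split(":")[0]  # keep the id for pivoting, not the secret
    exfil = api_method in UPLOAD_METHODS and rec["method"] == "POST"
    return {"ts": rec["ts"], "src": rec["src"], "bot_id": bot_id,
            "api_method": api_method, "bytes": rec["bytes"],
            "user_agent": rec["ua"], "severity": "high" if exfil else "medium"}


def scan(log_text):
    """Run the classifier over every line of a proxy log and collect findings."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        finding = classify(rec)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['src']:12} bot={f['bot_id']} "
              f"{f['api_method']} {f['bytes']}B ua={f['user_agent']!r}")
```

Run against the constructed sample, the first host is flagged high (a POST of 48 KB to `sendDocument`) and the second medium (a `getMe` probe from a scripting user agent); the browser visit to `web.telegram.org` is ignored. Pivoting on `bot_id` across the whole proxy log groups every victim talking to the same bot, which is the quickest way to scope a campaign like this one.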
“The defining characteristic of this new group is: ‘harder doesn’t mean better.’ Lazy Koala doesn’t rely on complex tools or tactics, yet they are still able to accomplish their goals,” said Denis Kuvshinov, Head of Threat Analysis at Positive Technologies Expert Security Center.
“Once installed on a compromised device, the malware uses Telegram, a popular tool among attackers, to send the stolen data,” Kuvshinov explained.
PT ESC has informed the victims of the campaign and suspects that the stolen information will likely be sold on the dark web.