Hacking techniques don’t have to be particularly advanced to be successful. Case in point – Lazy Koala.
Cybersecurity researchers from Positive Technologies Expert Security Center (PT ESC) recently uncovered a new threat actor, which they dubbed Lazy Koala. Nothing about this group is notably progressive or sophisticated, but it is achieving outstanding results.
As per the report, the attackers are targeting enterprises in Russia and six Commonwealth of Independent States countries – Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. Their victims work in government agencies, financial organizations, and educational institutions, and they mostly go for login credentials to various services.
Exfiltration via Telegram
So far, almost 900 accounts have been compromised, the researchers said. It is unclear what the attackers are doing with the information, but it’s likely that they’re either selling it on the dark web, or using it in further, more devastating attacks.
The attacks are simple – they consist of convincing phishing emails, often written in the victims’ native languages, that get the target to download and run the attachment. The files distributed in these phishing campaigns deploy a “primitive password stealer malware”.
The infostealer then collects the harvested files and exfiltrates them via Telegram bots. The person handling these bots goes by Koala, which is where PT ESC got the group’s name.
“The calling card of the new group is this: ‘harder doesn’t mean better.’ Lazy Koala doesn’t bother with complex tools, tactics, and techniques, but they still get the job done,” said Denis Kuvshinov, Head of Threat Analysis, Positive Technologies Expert Security Center.
“After establishing itself on the infected device, the malware exfiltrates the stolen data using Telegram, a favorite tool among attackers,” Kuvshinov added.
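The Telegram Bot API that stealers like this one use for exfiltration has a fixed URL shape, `https://api.telegram.org/bot<token>/<method>`, which makes it a good thing to hunt for in outbound proxy logs. The script below is an added illustration, not code from PT ESC or the report: it parses a few constructed proxy log lines (the log format, client addresses and the bot token are all made up for the example) and aggregates, per internal host, how many upload-type Bot API calls were made and how many bytes went out, capturing only the numeric bot id so the secret part of the token never lands in an alert.

```python
import re
from collections import defaultdict

# Constructed sample proxy log lines (not from the report). Fields:
# timestamp, client IP, HTTP method, URL, HTTP status, bytes sent by the client.
SAMPLE_LOG = """\
2024-04-02T09:14:01Z 10.20.30.41 POST https://api.telegram.org/bot123456789:AAExampleTokenPlaceholder/sendDocument 200 48213
2024-04-02T09:14:03Z 10.20.30.41 POST https://api.telegram.org/bot123456789:AAExampleTokenPlaceholder/sendMessage 200 512
2024-04-02T09:15:10Z 10.20.30.77 GET https://web.telegram.org/ 200 0
2024-04-02T09:16:44Z 10.20.30.90 GET https://example.com/news 200 0
2024-04-02T09:17:02Z 10.20.30.41 POST https://api.telegram.org/bot123456789:AAExampleTokenPlaceholder/sendDocument 200 91007
"""

# Bot API calls always look like https://api.telegram.org/bot<bot_id>:<secret>/<method>.
# Only the numeric bot id is captured; the secret is matched but never stored.
BOT_API_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):[A-Za-z0-9_-]+/(?P<method>\w+)"
)

# Methods that carry data away from the host. sendDocument is the usual
# stealer choice; the others are included so text-only exfiltration is not missed.
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio", "sendMessage"}


def parse_line(line):
    """Split one log line into a dict; returns None for malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, client, method, url, status, nbytes = parts
    try:
        nbytes = int(nbytes)
    except ValueError:
        return None
    return {"ts": ts, "client": client, "method": method,
            "url": url, "status": status, "bytes": nbytes}


def find_bot_api_uploads(log_text):
    """Aggregate upload-type Bot API calls per client host.

    Returns {client_ip: {"bot_id": str, "calls": int, "bytes": int, "methods": set}}.
    Hosts with no matching calls are absent from the result.
    """
    findings = defaultdict(lambda: {"bot_id": None, "calls": 0, "bytes": 0, "methods": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        m = BOT_API_RE.search(rec["url"])
        if not m or m.group("method") not in UPLOAD_METHODS:
            continue
        entry = findings[rec["client"]]
        entry["bot_id"] = m.group("bot_id")
        entry["calls"] += 1
        entry["bytes"] += rec["bytes"]
        entry["methods"].add(m.group("method"))
    return dict(findings)


def rank_hosts(findings, min_bytes=1024):
    """Hosts that pushed at least min_bytes through a bot token, largest first."""
    return sorted(
        (ip for ip, f in findings.items() if f["bytes"] >= min_bytes),
        key=lambda ip: findings[ip]["bytes"],
        reverse=True,
    )


if __name__ == "__main__":
    found = find_bot_api_uploads(SAMPLE_LOG)
    for ip in rank_hosts(found):
        f = found[ip]
        methods = ", ".join(sorted(f["methods"]))
        print(f"{ip}: {f['calls']} calls, {f['bytes']} bytes via bot {f['bot_id']} ({methods})")
```

Treat a hit as a hunting lead rather than a verdict: some organisations run legitimate Telegram bots, so the per-host byte volume and the repeated `sendDocument` calls are what separate a stealer beaconing out credentials from a notification bot posting short messages. The same regex works as a proxy or DNS allow/deny rule if the organisation has no business use for the Bot API at all.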
PT ESC said that it notified the victims, adding that the information stolen in this campaign will most likely be sold on the dark web.