Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

This cybercrime group uses the most basic tactics around — but they seem to be working just fine

Password Security.

Hacking techniques don’t have to be particularly advanced to be successful. Case in point - Lazy Koala.

Cybersecurity researchers from Positive Technologies Expert Security Center (PT ESC) recently uncovered a new threat actor, which they dubbed Lazy Koala. Nothing about this group is notably progressive or sophisticated, but it is achieving outstanding results.

As per the report, the attackers are targeting enterprises in Russia and six Commonwealth of Independent States countries - Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. Their victims work in government agencies, financial organizations, and educational institutions, and they mostly go for login credentials to various services. 

Exfiltration via Telegram

So far, almost 900 accounts have been compromised, the researchers said. It is unclear what the attackers are doing with the information, but it’s likely that they’re either selling it on the dark web, or using it in further, more devastating attacks.

The attacks are simple - they include crafting convincing phishing attacks, often in languages native to the locals, and getting the victims to download and run the attachment. The files being distributed in these phishing attacks deploy a “primitive password stealer malware”. 

The infostealer then grabs the files and exfiltrates them via telegram bots. The person handling these bots is called Koala, giving PT ESC the idea behind the name.

"The calling card of the new group is this: 'harder doesn't mean better.' Lazy Koala doesn't bother with complex tools, tactics, and techniques, but they still get the job done,” said Denis Kuvshinov, Head of Threat Analysis, Positive Technologies Expert Security Center. 

“After establishing itself on the infected device, the malware exfiltrates the stolen data using Telegram, a favorite tool among attackers," Kuvshinov added.

PT ESC said that it notified the victims, adding that the information stolen in this campaign will most likely be sold on the dark web.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.