LazyStealer: Sophisticated does not mean better


In the first quarter of 2024, researchers from the Positive Technologies Expert Security Center (PT ESC) detected a series of attacks targeting government organizations in Russia, Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia.

The research team could not find any links to known groups that used the same techniques. The main goal of the attack was stealing credentials for various services from computers used by public servants. The researchers dubbed the group “Lazy Koala”—for the unsophisticated techniques they used and after the name of the user who controlled the Telegram bots that received the stolen data. The malware that powered the attacks, which Positive Technologies named “LazyStealer”, proved productive despite a simple implementation. The researchers could not ascertain the infection vector, but all signs pointed to phishing.

Source: Positive Technologies