Lazy Koala (cyber group)

History

2024: Attacks on Russian government and financial companies

In early April 2024, the information security company Positive Technologies announced the identification of a new hacker group called Lazy Koala, which attacks state and financial companies, as well as medical and educational institutions.

Positive Technologies named the cyber group Lazy Koala because of its elementary techniques and the username Koala, which managed Telegram bots with stolen data.

Unsplash

Lazy Koala does not resort to sophisticated tools, tactics and techniques, but is also successful. Their main weapon is a primitive styler written in Python (password theft malware), which, according to our assumptions, is distributed using good old phishing. Fraudsters convince the victim to open the attachment and run the desired file in the browser, - said Denis Kuvshinov, head of the cyber threat research department at the Positive Technologies security expert center.

According to experts, the attackers' goal was to steal accounts from various services from computers of employees of government organizations. Criminals are expected to use this information in further attacks on the internal structures of companies. Stolen data can also be sold in the shadow cyber services market.

By the beginning of April 2024, about 867 employee accounts were compromised by members of the Lazy Koala group. Positive Technologies Security Expert Center will detect hacker attacks on organizations not only from Russia, but also from Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan and Armenia.

Positive Technologies recommends users not to open suspicious letters, not to follow unknown links, not to download software from unverified sites and torrent sites, to use licensed versions from trusted sources.^[1]

Notes