Positive Technologies Discovers New APT Group Targeting Governments: Lazy Koala

Positive Technologies Expert Security Centre (PT ESC) has uncovered a new cybergroup named Lazy Koala, known for its simple yet effective attack techniques. The group has targeted organizations in Russia and six CIS countries, compromising approximately 867 employee accounts so far.

The attacks primarily focused on government, financial, medical, and educational institutions in Russia, Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. The main objective of the attackers was to steal accounts from government organization employees to use in further attacks on internal structures or sell on the dark web.

Lazy Koala stands out for its basic techniques and the use of a primitive password stealer malware distributed through phishing. Denis Kuvshinov, Head of Threat Analysis at PT ESC, emphasized that the group’s motto is “harder doesn’t mean better,” as they achieve their goals without complex tools or tactics.

To combat such attacks, users are advised to avoid opening suspicious messages or links, download software from trusted sources, and stay informed about phishing techniques. Specialized security tools like MaxPatrol SIEM, PT NAD, and PT Sandbox can help detect and prevent data theft events and malicious activities associated with Lazy Koala.

Overall, the discovery of Lazy Koala highlights the ongoing threat of cyberattacks and the importance of proactive cybersecurity measures to safeguard sensitive information and infrastructure.