LazyScripter APT
LazyScripter APT is a newly identified Advanced Persistent Threat (APT) group whose activity, tools, and targets appear to overlap with those of other APT groups operating from the Middle East. However, there is not enough data to determine whether the LazyScripter APT shares members with other groups from the region or whether it really operates from a country in the Middle East. The criminals appear to have a strong interest in airlines and immigration-related organizations in Canada. One of LazyScripter APT's big targets was the International Air Traffic Association (IATA).
The criminals rely on spear-phishing emails to approach their targets, and it seems that their toolset is not very sophisticated. They frequently rely on well-known malware families, many of which are open-source. Some of LazyScripter APT's notable tools are Zebrocy, Octopus, Remcos and LuminosityLink. All of these are Remote Access Trojans (RATs) that enable their operators to perform a wide variety of tasks on compromised systems.
The LazyScripter APT Reminds Researchers of the MuddyWater APT
According to researchers, the LazyScripter APT's modus operandi is very similar to that of the MuddyWater APT, an Iran-based group of cybercriminals. Both groups rely on similar tools, and they frequently abuse PowerShell scripts to perform additional tasks on compromised machines. Last but not least, both MuddyWater and LazyScripter's members abuse GitHub to host their payloads or other data related to their operations.
The first operations of the LazyScripter APT can be traced back to 2018, but the group appears to still be active in 2021. Thankfully, the fact that the criminals are using well-known malware families is likely to mean that organizations can protect their networks by investing in reliable and up-to-date anti-virus software.