Recently, the security researchers have discovered a previously unknown threat actor carrying out several nefarious activities with the help of multiple RATs. The unidentified actor came to be known as LazyScripter and has been active since 2018. Their prime target was the International Air Transport Association (IATA) and airlines.
This threat group has been targeting the International Air Transport Association (IATA) and airlines that are using the BSPLink software. Moreover, the victims looking to immigrate to Canada in search of jobs were also targeted by these attackers. The attackers have used KOCTOPUS loaders to deploy Octopus and Koadic to carry out phishing activities.
The threat actor has mostly used spam emails laden with archive or document files as an initial infection vector and multiple file types as its initial phishing lures. Both zip and document files included a variant of either KOCTOPUS or Empoder. In addition, they were observed to be dropping other RATs, such as LuminosityLink, Quasar, RMS, njRat, and Remcos, which are used by multiple hacking groups.
The use of multiple RATs and advanced tactics for nefarious activities indicates that this group is continuously making efforts to polish its tools and attack tactics. In addition, the use of freely available tools and malware shows how smartly this group is making use of commercially available tools, and the combination of all these strategies makes this group a very serious threat.