LazyScripter hackers target airlines with remote access trojans
2021-02-24 13:51

The actor received the name LazyScripter and has been active since 2018, using phishing to target airlines, the International Air Transport Association, and individuals seeking immigration to Canada for a job.

The researchers from Malwarebytes also found examples where the attacker dropped other remote access trojans that are common to multiple hacking groups: LuminosityLink, RMS, Quasar, njRat, and Remcos.

According to the researchers, LazyScripter switched to the double-RAT tactic after initially using the PowerShell Empire post-exploitation framework.

Interestingly, LazyScripter hosted their toolsets on GitHub, a tactic used in the past by an APT group associated with Iran.

Malwarebytes found three accounts linked to LazyScripter.

None of the malware used in the LazyScripter campaigns has been associated with MuddyWater in the past.


News URL

https://www.bleepingcomputer.com/news/security/lazyscripter-hackers-target-airlines-with-remote-access-trojans/