New 'LazyScripter' Hacking Group Targets Airlines (Security News, February 2021)
A recently identified threat actor that remained unnoticed for roughly two years appears focused on targeting airlines that use the BSPLink financial settlement software made by the International Air Transport Association, cybersecurity firm Malwarebytes reported on Wednesday.
Over time, the group evolved its toolset from PowerShell Empire to the Koadic and Octopus RATs, and used LuminosityLink, RMS, Quasar, njRat and Remcos RATs in between.
The phishing emails in these attacks used the same loader to drop both Koadic and Octopus.
In addition to Octopus and Koadic, the loader also delivered a variant of Quasar RAT. Malwarebytes' researchers have identified 14 malicious documents that the threat actor has used since 2018, all carrying embedded objects that are variants of the KOCTOPUS or Empoder loaders.
To date, the researchers have identified four different versions of the KOCTOPUS loader, used to load Octopus, Koadic, LuminosityLink, RMS, and Quasar RATs.
The Koadic RAT is known to have been previously used by the Iran-linked MuddyWater and Russia-linked APT28 threat actors.