The cybersecurity company BI.ZONE has uncovered a campaign by a hacker group it tracks as Bloody Wolf, which uses the Java-based remote access trojan STRRAT (also known as Strigoi Master) to attack organizations in Kazakhstan, the company reports.
The attacks typically begin with phishing emails that imitate correspondence from the Ministry of Finance of the Republic of Kazakhstan and other government agencies. The emails carry PDF attachments posing as notices that the organization has allegedly failed to comply with certain requirements.
To make the lure more convincing, one of the links leads to a web page styled as a government site, which tells the user that Java must be installed to access the portal. What is actually served is the STRRAT malware, hosted on a site posing as the official Government of Kazakhstan portal (EGOV-KZ [.] Online).
On a Windows host, STRRAT establishes persistence by modifying the registry so that its JAR file is launched every 30 minutes. A copy of the file is also placed in the Windows Startup folder, so it runs automatically after a reboot.
Once installed, STRRAT connects to Pastebin-hosted infrastructure and steals confidential information from the compromised device: details of the operating system and installed antivirus software, and credentials saved in a range of browsers and email clients.
The malware can also receive further commands from the server: download and execute new malicious files, log keystrokes, run commands via cmd.exe or PowerShell, reboot or shut down the system, set up proxies, and even remove itself.
Packaging the malware as a JAR file lets the attackers get past a number of security controls, since the payload executes under the legitimate Java launcher rather than as a standalone executable. Using a legitimate web service such as Pastebin for communication with the infected host in turn helps the traffic evade network security solutions, BI.ZONE notes.
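Two checks a defender could run against the persistence and command-and-control behaviour described above, written here as an added example and not BI.ZONE's or the malware's own code: the first flags autostart entries (Run keys, the Startup folder, scheduled tasks) that launch a JAR file, the second flags Sysmon network-connection events in which a Java launcher contacts pastebin.com. The scheduled-task check is an assumption about how a half-hourly launch is commonly implemented rather than something the report above states, and every file name, task name, path and event in the sample data is constructed.

```python
"""Hunt for STRRAT-style artefacts on a Windows host (illustrative example).

Two checks:
  1. autostart entries (Run keys, Startup folder, scheduled tasks) that launch a JAR;
  2. Sysmon network events (Event ID 3) where a Java process contacts Pastebin.
All sample data at the bottom is constructed, not real telemetry.
"""
import re
from dataclasses import dataclass

# java.exe / javaw.exe as the executable, whether bare, quoted, or at the end of a
# full path. Matching the basename avoids false hits on a "\Java\" directory.
JAVA_EXE = re.compile(r'(^|[\\/"])javaw?(\.exe)?(["\s]|$)', re.IGNORECASE)
# The JAR handed to the launcher with -jar, quoted or not.
JAR_ARG = re.compile(r'-jar\s+"?([^"\s]+\.jar)', re.IGNORECASE)
PASTEBIN = re.compile(r'(^|\.)pastebin\.com$', re.IGNORECASE)


@dataclass
class Finding:
    source: str   # persistence location or telemetry source that produced the hit
    name: str     # registry value name, file name, task name, or process image
    detail: str   # JAR path or network destination


def find_jar_autostarts(run_values, startup_files, tasks):
    """Flag autostart entries that would execute a JAR.

    run_values:    {value name: command line} from HKCU/HKLM ...CurrentVersion\\Run
    startup_files: file names in the user's Startup folder (a .jar placed there
                   runs through the javaw file association at logon)
    tasks:         (task name, action command line, schedule) tuples from schtasks
    """
    findings = []
    for name, cmd in run_values.items():
        m = JAR_ARG.search(cmd)
        if m and JAVA_EXE.search(cmd):
            findings.append(Finding("Run key", name, m.group(1)))
    for fname in startup_files:
        if fname.lower().endswith(".jar"):
            findings.append(Finding("Startup folder", fname, fname))
    for tname, action, schedule in tasks:
        m = JAR_ARG.search(action)
        if m and JAVA_EXE.search(action):
            findings.append(Finding("Scheduled task", tname, f"{m.group(1)} ({schedule})"))
    return findings


def find_java_pastebin_connections(events):
    """Flag Sysmon EID 3 events where a Java launcher connects to pastebin.com.

    events: dicts carrying the Sysmon fields Image, DestinationHostname, DestinationPort.
    DestinationHostname is filled by reverse lookup and may be empty on real data;
    correlate with Sysmon EID 22 (DNS query) there.
    """
    findings = []
    for ev in events:
        image = ev.get("Image", "")
        host = ev.get("DestinationHostname", "")
        if JAVA_EXE.search(image) and PASTEBIN.search(host):
            findings.append(Finding("Network", image, f"{host}:{ev.get('DestinationPort', '?')}"))
    return findings


# --- constructed sample data (hypothetical names and paths, not real telemetry) ---
JAVAW = r'C:\Program Files\Java\jre1.8.0_321\bin\javaw.exe'
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "JavaUpdate": f'"{JAVAW}" -jar "C:\\Users\\user\\AppData\\Roaming\\update.jar"',
}
SAMPLE_STARTUP_FILES = ["desktop.ini", "notification.jar"]
SAMPLE_TASKS = [
    ("MicrosoftEdgeUpdateTaskMachineCore",
     r'"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c', "daily"),
    ("JavaUpdate", f'"{JAVAW}" -jar "C:\\Users\\user\\AppData\\Roaming\\update.jar"', "every 30 minutes"),
]
SAMPLE_NET_EVENTS = [
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "pastebin.com", "DestinationPort": 443},
    {"Image": JAVAW, "DestinationHostname": "pastebin.com", "DestinationPort": 443},
    {"Image": JAVAW, "DestinationHostname": "repo.maven.apache.org", "DestinationPort": 443},
]

if __name__ == "__main__":
    for f in find_jar_autostarts(SAMPLE_RUN_VALUES, SAMPLE_STARTUP_FILES, SAMPLE_TASKS):
        print(f"[{f.source}] {f.name}: {f.detail}")
    for f in find_java_pastebin_connections(SAMPLE_NET_EVENTS):
        print(f"[{f.source}] {f.name} -> {f.detail}")
```

Both checks deliberately key on the Java launcher rather than on any file name, because the JAR name and task name are trivial for an operator to change; a browser fetching pastebin.com is normal, while javaw.exe doing so from a user profile directory is the combination worth a closer look. On a live host the inputs would come from `reg query`, a directory listing of the Startup folder, `schtasks /query /v /fo csv` and the Sysmon operational log.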
In light of these attacks, organizations in Kazakhstan are advised to raise their vigilance and strengthen their defences to prevent the malware from gaining a foothold.