‘Bloody Wolf’ Cyberattacks Aim for Kazakh Organizations


Bloody Wolf is a cyberattack activity cluster that targets organizations in Kazakhstan and distributes the STRRAT trojan.

A cyberattack cluster known as Bloody Wolf is targeting organizations in Kazakhstan and distributing a commodity trojan known as STRRAT (also known as Strigoi Master). According to a recent investigation by cybersecurity provider BI.ZONE, “the program selling for as little as $80 on underground resources allows the adversaries to take control of corporate computers and hijack restricted data.” The initial access vector is phishing emails that impersonate the Ministry of Finance of the Republic of Kazakhstan and other organizations, in an attempt to trick recipients into opening PDF files.

The attachment poses as a non-compliance notice and includes two links: one to a malicious Java archive (JAR) file and one to instructions on installing the Java interpreter that the malware needs in order to run. The second link, which is meant to lend the attack credibility, leads to a page on the country's national government website advising users to install Java so that the portal will function.

STRRAT establishes persistence on the Windows host by modifying the registry, and it launches the JAR file every 30 minutes. The malware is hosted on a website that imitates the Kazakhstani government's website (“egov-kz[.]online”). In addition, a copy of the JAR file is placed in the Windows Startup folder so that it runs automatically after a system reboot.
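A defender-side check for the two persistence mechanisms described above (a registry autorun entry that launches a JAR, and a JAR copied into a Startup folder), added here as an example; it is not code from the article or from the BI.ZONE report. The article does not name the registry key STRRAT modifies, so the script inspects the usual Run/RunOnce keys, which is an assumption.

```powershell
# Added hunting script (not from the article or BI.ZONE). Flags autorun
# registry values that run a .jar via java/javaw, and .jar files sitting in
# the per-user or all-users Startup folders. The Run/RunOnce keys below are
# assumed common autorun locations; the article does not name the exact key.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

$findings = @()

# 1. Registry autorun values that invoke a JAR through the Java interpreter
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # skip PowerShell metadata properties
        $cmd = [string]$p.Value
        if ($cmd -match '(?i)\bjavaw?(\.exe)?\b.*\.jar' -or $cmd -match '(?i)-jar\s') {
            $findings += [pscustomobject]@{
                Type     = 'RunKey'
                Location = "$key\$($p.Name)"
                Detail   = $cmd
            }
        }
    }
}

# 2. JAR files dropped directly into a Startup folder
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -File -Filter '*.jar' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Type     = 'StartupFolder'
                Location = $_.FullName
                Detail   = "LastWrite=$($_.LastWriteTime)"
            }
        }
}

if ($findings.Count -eq 0) { Write-Output 'No JAR-based autorun entries found.' }
else { $findings | Format-Table -AutoSize }
```

Run it from an elevated PowerShell session so the HKLM keys and the all-users Startup folder are readable; any hit is a lead for triage, not proof of compromise on its own.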

Depending on the directives it receives from the server, it can also log keystrokes, run commands via PowerShell or cmd.exe, restart or shut down the machine, install a proxy, and uninstall itself. “Using less common file types, such as JAR, enables attackers to bypass defenses,” stated BI.ZONE. “Employing legitimate web services such as Pastebin to communicate with the compromised system makes it possible to evade network security solutions.”
