Kazakh Organizations Targeted by 'Bloody Wolf' Cyber Attacks
Organizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware called STRRAT. "The program selling for as little as $80 on underground resources allows the adversaries to take control of corporate computers and hijack restricted data," cybersecurity vendor BI.ZONE said in a new analysis.
The file purports to be a non-compliance notice and contains links to a malicious Java archive file as well as an installation guide for the Java interpreter necessary for the malware to function.
The STRRAT malware, hosted on a website that mimics the website of the Kazakhstan government, sets up persistence on the Windows host by means of a Registry modification and runs the JAR file every 30 minutes.
What's more, a copy of the JAR file is placed in the Windows startup folder to ensure that it automatically launches after a system reboot.
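A detection sketch for the persistence behaviours described above, added here as an example and not taken from BI.ZONE's analysis or the original article. The event field names (`kind`, `host`, `ts`, `target`, `value`, `cmdline`), the Run key as the registry location, and all sample events are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

JAR = re.compile(r"\.jar\b", re.I)
# Assumption: the article does not name the registry key; Run/RunOnce is used here.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)

def find_jar_persistence(events, period=timedelta(minutes=30), slack=timedelta(minutes=2)):
    """Return sorted (host, finding) pairs for JAR-based persistence indicators."""
    findings, launches = set(), {}
    for e in events:
        kind, host = e["kind"], e["host"]
        if kind == "registry_set" and RUN_KEY.search(e["target"]) and JAR.search(e["value"]):
            findings.add((host, "run_key_jar"))
        elif kind == "file_create" and STARTUP.search(e["target"]) and JAR.search(e["target"]):
            findings.add((host, "startup_folder_jar"))
        elif kind == "process_start" and JAR.search(e["cmdline"]):
            key = (host, e["cmdline"].lower())
            launches.setdefault(key, []).append(datetime.fromisoformat(e["ts"]))
    for (host, _cmd), times in launches.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Three or more launches of the same JAR, each about one period apart,
        # point to a timer rather than a user double-clicking the file.
        if len(gaps) >= 2 and all(abs(g - period) <= slack for g in gaps):
            findings.add((host, "periodic_jar_launch"))
    return sorted(findings)

# Constructed telemetry (hypothetical hosts, paths and schema), not from the report.
SAMPLE_EVENTS = [
    {"kind": "registry_set", "host": "WS-01", "ts": "2024-08-05T09:00:05",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r'javaw -jar "C:\Users\a.user\notice.jar"'},
    {"kind": "file_create", "host": "WS-01", "ts": "2024-08-05T09:00:06",
     "target": r"C:\Users\a.user\AppData\Roaming\Microsoft\Windows"
               r"\Start Menu\Programs\Startup\notice.jar"},
    *[{"kind": "process_start", "host": "WS-01", "ts": f"2024-08-05T{h:02d}:{m:02d}:10",
       "cmdline": r'javaw -jar "C:\Users\a.user\notice.jar"'}
      for h, m in [(9, 0), (9, 30), (10, 0), (10, 31)]],
    # A one-off developer launch on another host should not be flagged as periodic.
    {"kind": "process_start", "host": "WS-02", "ts": "2024-08-05T11:15:00",
     "cmdline": r"java -jar C:\tools\build\app.jar"},
]

if __name__ == "__main__":
    for host, finding in find_jar_persistence(SAMPLE_EVENTS):
        print(host, finding)
```

Hosts that legitimately run Java applications will produce one-off `process_start` matches, so the periodic check requires repeated launches at the stated interval before it reports anything.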
"Using less common file types such as JAR enables the attackers to bypass defenses," BI.ZONE said.
"Employing legitimate web services such as Pastebin to communicate with the compromised system makes it possible to evade network security solutions."
News URL
https://thehackernews.com/2024/08/kazakh-organizations-targeted-by-bloody.html