Bloody Wolf strikes organizations in Kazakhstan with STRRAT commercial malware


Since late 2023, BI.ZONE Threat Intelligence experts have been tracking the activity of Bloody Wolf. The cluster attacks organizations in Kazakhstan with STRRAT, commercial malware also known as Strigoi Master.

The attackers send out phishing emails on behalf of the Ministry of Finance of the Republic of Kazakhstan and other agencies. The emails have PDF attachments containing download links for the malware and for a Java interpreter installation guide (the interpreter is required for the malware to operate).

Source: BI.ZONE



Related:

  • APT trends report Q3 2024

    November 28, 2024

    In the second half of 2022, a wave of attacks from an unknown threat actor targeted victims with a new type of attack framework that we dubbed P8. The campaign targeted Vietnamese victims, mostly from the financial sector, with some from the real estate sector. Later, in 2023, Elastic Lab published a report about an OceanLotus ...

  • Bloody Wolf strikes organizations in Kazakhstan with STRRAT commercial malware

    July 31, 2024

    Since late 2023, BI.ZONE Threat Intelligence experts have been tracking the activity of Bloody Wolf. The cluster attacks organizations in Kazakhstan with STRRAT, a commercial malware also known as Strigoi Master. The attackers send out phishing emails on behalf of the Ministry of Finance of the Republic of Kazakhstan and other agencies. The emails have PDF ...

  • LazyStealer: Sophisticated does not mean better

    April 4, 2024

    In the first quarter of 2024, researchers from Positive Technologies Expert Security Center (PT ESC) detected a series of attacks targeting government organizations in Russia, Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. The research team could not find any links to known groups that used the same techniques. The main goal of the attack was stealing ...

  • Stayin’ Alive – targeted attacks against telecoms and government ministries in Asia

    October 11, 2023

    In the last few months, Check Point Research has been tracking “Stayin’ Alive”, an ongoing campaign that has been active since at least 2021. The campaign operates in Asia, primarily targeting the Telecom industry, as well as government organizations. The “Stayin’ Alive” campaign consists of mostly downloaders and loaders, some of which are used as ...

  • Spyware vendor targets users in Italy and Kazakhstan

    June 23, 2022

    Google has been tracking the activities of commercial spyware vendors for years, and taking steps to protect people. Just last week, Google testified at the EU Parliamentary hearing on “Big Tech and Spyware” about the work we have done to monitor and disrupt this thriving industry. Seven of the nine zero-day vulnerabilities our Threat Analysis Group ...

  • Kazakhstan government is intercepting HTTPS traffic in its capital

    December 6, 2020

    Under the guise of a “cybersecurity exercise,” the Kazakhstan government is forcing citizens in its capital of Nur-Sultan (formerly Astana) to install a digital certificate on their devices if they want to access foreign internet services. Once installed, the certificate would allow the government to intercept all HTTPS traffic made from users’ devices via a technique ...