Strikes with commercial malware against organizations in Kazakhstan
Essential information
- Published: 01/08/2024 08:56
- Modified: 01/08/2024 09:01
- Tags: 2024-08-01 data theft phishing remote access strigoi master strrat
- Related entities: 10 observables, 1 intrusion sets (apt), 16 techniques (mitre), 2 malware, 1 others
Description
BI.ZONE experts have been monitoring the activities of a threat group called Bloody Wolf since late 2023. The group targets organizations in Kazakhstan using STRRAT, a commercial malware also known as Strigoi Master. The attackers send phishing emails posing as communications from government agencies, with attached PDFs that contain malicious links. These links lead to the download of STRRAT, along with a guide to installing Java, which the malware requires to run. The malware's capabilities include keylogging, data exfiltration, remote control, and encryption of user files.