"Blood wolves" in Kazakh social networks: who will be the next victim?

When a normal Java installation results in the loss of corporate secrets.

Cybersecurity company BI.ZONE has uncovered a campaign in Kazakhstan by a hacker group it tracks as Bloody Wolf, which attacks organizations using the STRRAT malware (also known as Strigoi Master).

The attacks begin with phishing emails that pose as messages from the Ministry of Finance of the Republic of Kazakhstan and other government agencies. The emails carry PDF attachments disguised as notices that the target organization's operations fail to meet various requirements.

To lend the attack credibility, one of the links in the PDF leads to a page associated with a genuine government website, which tells the user to install Java so that the portal will work. The "Java" offered for download, however, is the STRRAT malware, hosted on a site that merely mimics the official Government of Kazakhstan portal (egov-kz[.]online, a lookalike of the real egov.kz domain).

The malware persists on Windows by modifying the registry so that the JAR file is launched every 30 minutes. A copy of the file is also placed in the Windows Startup folder so that it runs again after a reboot.

Once installed, STRRAT communicates with its operators through Pastebin and sends confidential information out of the infected device: details of the operating system and installed antivirus software, plus saved credentials from Google Chrome, Mozilla Firefox, Internet Explorer, Foxmail, Outlook and Thunderbird.

The malware can also receive further commands from the server: download and execute additional malicious files, log keystrokes, run commands via cmd.exe or PowerShell, restart or shut down the system, install a proxy, and remove itself.

BI.ZONE notes that packaging the malware as a JAR file lets the attackers slip past many security controls, and that using a legitimate web service such as Pastebin to communicate with the infected host helps evade network security solutions. The JAR format also explains the lure: the payload only runs if a Java runtime is present, which is exactly what the fake "install Java" page persuades the victim to set up.

In light of these attacks, Kazakh organizations are urged to stay vigilant and strengthen their security measures to keep the malware out.
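The persistence described above (a JAR launched from the registry every 30 minutes, with a copy in the Startup folder) and the Pastebin-based communication are both things a defender can hunt for on a Windows host. The PowerShell script below is an added example, not code from the article or from BI.ZONE. It enumerates the Run/RunOnce keys, the user and all-users Startup folders, scheduled tasks and live Java processes with external connections. The regular expression `$javaPattern`, the assumption that any Java or JAR autorun on a workstation deserves review, and the private-address filter are my own choices; it does not identify STRRAT specifically.

```powershell
# Added example (not from the original article): hunt for STRRAT-style Java persistence
# and Java processes talking to the internet. Run in an elevated PowerShell 5.1+ session.
# Assumption: on a typical workstation, Java/JAR autoruns are rare enough to review by hand.
$javaPattern = 'java(w)?\.exe|\.jar\b'
$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding($Source, $Location, $Value) {
    # $findings is found by dynamic scoping; .Add mutates the list without reassigning it
    $findings.Add([pscustomobject]@{ Source = $Source; Location = $Location; Value = $Value })
}

# 1. Registry Run / RunOnce keys (the article says persistence is set via the registry)
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        if ($p.Value -is [string] -and $p.Value -match $javaPattern) {
            Add-Finding 'Registry' "$key\$($p.Name)" $p.Value
        }
    }
}

# 2. Startup folders (per-user and all-users): the article says a copy of the JAR is dropped there
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -File -Force | ForEach-Object {
        $hit = $_.Extension -ieq '.jar'
        if (-not $hit -and $_.Extension -ieq '.lnk') {
            # a shortcut may point at "javaw.exe <file>.jar"; resolve its target and arguments
            $sh  = New-Object -ComObject WScript.Shell
            $lnk = $sh.CreateShortcut($_.FullName)
            $hit = ("$($lnk.TargetPath) $($lnk.Arguments)") -match $javaPattern
        }
        if ($hit) { Add-Finding 'StartupFolder' $_.FullName $_.Name }
    }
}

# 3. Scheduled tasks whose action runs Java or a JAR; a repeating trigger (e.g. PT30M)
#    matches the 30-minute cadence described in the article
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $task = $_
    $interval = ($task.Triggers | ForEach-Object { $_.Repetition.Interval }) -join ','
    foreach ($a in $task.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if ($cmd -match $javaPattern) {
            Add-Finding 'ScheduledTask' "$($task.TaskPath)$($task.TaskName)" "$cmd [repeat: $interval]"
        }
    }
}

# 4. Live Java processes with established outbound TCP connections. C2 via Pastebin goes to a
#    legitimate service over 443, so the signal is "java.exe talking to the internet", not an IP.
$javaProcs = Get-Process -Name java, javaw -ErrorAction SilentlyContinue
foreach ($proc in $javaProcs) {
    Get-NetTCPConnection -OwningProcess $proc.Id -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notmatch '^(127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|::1$)' } |
        ForEach-Object {
            Add-Finding 'Network' "PID $($proc.Id) $($proc.Path)" "$($_.RemoteAddress):$($_.RemotePort)"
        }
}

if ($findings.Count -eq 0) { 'No Java/JAR autoruns or external Java connections found.' }
else { $findings | Format-Table -AutoSize }
```

Every hit is a lead, not a verdict: a developer workstation will legitimately have Java autoruns, and a Java-based business application will legitimately hold outbound connections. What makes the combination suspicious in this campaign is a JAR in a user-writable location, launched on a short repeating schedule, whose only network peer is a public paste service.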
