Bloody Wolf Wreaks Havoc on Kazakh Businesses

A commodity malware called STRRAT (aka Strigoi Master), available for $80 on underground resources, has been used to compromise multiple organizations in Kazakhstan. The malware allows hackers to take control of corporate computers and hijack restricted data, and it is being distributed by the threat activity cluster named Bloody Wolf.

The cyberattacks employ phishing emails as an initial access vector, impersonating the Ministry of Finance of the Republic of Kazakhstan and other agencies to trick recipients into opening PDF attachments. To make the attack appear more legitimate, a second link points to a web page associated with the country's government website that urges visitors to install Java in order to ensure that the portal is operational. The hackers have resorted to employing legitimate web services such as Pastebin to communicate with the compromised system, making it possible to evade network security solutions.
