Razy malware has been around for a number of years now and is still causing trouble. One of the reasons this Windows-based malware has continued to be effective is that it can appear to be free software, or a file on a site the public would normally trust, such as a government site. That recently happened to the Kazakhstan e-government portal.
InformBuro reports an attack on eGov.kz. The press service of Zerde National Infocommunication Holding JSC reported the attack after security firm T&TSecurity analyzed several cases of the watering hole attack.
The report includes the specific links where the Razy malware had been detected, as well as a description:
The files are the same malicious Razy Trojan downloader. We assume that cybercriminals gained access to upload files to the legalacts.egov.kz site and budget.egov.kz, and published malware under the guise of office documents. The first document is a resolution of the regional akimat. The second document is a financial summary of the akimat budget. Since the second document was created in January 2021, it means that the Razy malware was published on the portal in 2021.
Read more on InformBuro. The preceding quotes are machine translations of their reporting.
Reporting by Chum1ng0, editing by Dissent