Cybersecurity

Cyber: Bloody Wolf Targets Uzbekistan, Russia Using Netsupport Rat In...

2026-02-09 0 views admin
Cyber: Bloody Wolf Targets Uzbekistan, Russia Using Netsupport Rat In...

The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT.

Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is known to be active since at least 2023, orchestrating spear-phishing attacks against manufacturing, finance, and IT sectors in Russia, Kyrgyzstan, Kazakhstan, and Uzbekistan.

The campaign is estimated to have claimed about 50 victims in Uzbekistan, with 10 devices in Russia also impacted. Other infections have been identified to a lesser degree in Kazakhstan, Turkey, Serbia, and Belarus. Infection attempts have also been recorded on devices within government organizations, logistics companies, medical facilities, and educational institutions.

"Given Stan Ghouls' targeting of financial institutions, we believe their primary motive is financial gain," Kaspersky noted. "That said, their heavy use of RATs may also hint at cyber espionage."

The misuse of NetSupport, a legitimate remote administration tool, is a departure for the threat actor, which previously leveraged STRRAT (aka Strigoi Master) in its attacks. In November 2025, Group-IB documented phishing attacks aimed at entities in Kyrgyzstan to distribute the tool.

The attack chains are fairly straightforward in that phishing emails loaded with malicious PDF attachments are used as a launchpad to trigger the infection. The PDF documents embed links that, when clicked, lead to the download of a malicious loader that handles multiple tasks -

Kaspersky said it also identified Mirai botnet payloads staged on infrastructure associated with Bloody Wolf, raising the possibility that the threat actor may have expanded its malware arsenal to target IoT devices.

"With over 60 targets hit, this is a remarkably high volume for a sophisticated targeted campaign," the company concluded. "It points to the significant resources these actors are willing to pour into their operations."

The disclosure coincides with a number of cyber campaigns targeting Russian organizations, including those conducted by ExCobalt, which has leveraged known security flaws and credentials stolen from contractors to obtain initial access to target networks. Positive Technologies described the adversary as one of the "most dangerous groups" attacking Russian entities.

The attacks are characterized by the use of various tools, along with attempts to siphon Telegra

Source: The Hacker News

🏷️ Tags

cybersecuritysecuritymalwareattackthreat

More from Cybersecurity

Cyber: Phishing Campaign Targets Freight And Logistics Orgs In The Us, Europe

Cyber: Phishing Campaign Targets Freight And Logistics Orgs In The Us, Europe

2026-02-24 0
Cyber: Wynn Resorts Confirms Employee Data Breach After Extortion Threat

Cyber: Wynn Resorts Confirms Employee Data Breach After Extortion Threat

2026-02-24 0
Cyber: 1campaign Platform Helps Malicious Google Ads Evade Detection

Cyber: 1campaign Platform Helps Malicious Google Ads Evade Detection

2026-02-24 0
Cyber: New Attackers Now Need Just 29 Minutes To Own A Network 2026

Cyber: New Attackers Now Need Just 29 Minutes To Own A Network 2026

2026-02-24 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views