The Hacker News reports that the threat actor known as Bloody Wolf, tracked by Kaspersky as Stan Ghouls, has been linked to a sophisticated campaign targeting Uzbekistan and Russia, infecting systems with the NetSupport RAT. This actor has been active since at least 2023, employing spear-phishing tactics across manufacturing, finance, and IT sectors.The campaign has impacted approximately 50 victims in Uzbekistan and 10 in Russia, with lesser infections in Kazakhstan, Turkey, Serbia, and Belarus. Targeted entities include government organizations, logistics companies, medical facilities, and educational institutions. The primary motive is believed to be financial gain, though cyber espionage is also a possibility due to the heavy use of RATs. The attack chain typically begins with phishing emails containing malicious PDF attachments. These PDFs link to a loader that displays a fake error message, checks previous RAT installation attempts, downloads NetSupport RAT from external domains, and establishes persistence through startup scripts, registry keys, and scheduled tasks.Additionally, Mirai botnet payloads have been found on infrastructure associated with Bloody Wolf, suggesting a potential expansion into IoT device targeting. This activity coincides with other campaigns against Russian organizations, such as those by ExCobalt, which exploit known vulnerabilities and stolen credentials. Source: The Hacker News
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




