Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan
These articles are AI-generated summaries. Please check the original sources for full details.
Bloody Wolf, a threat actor linked to spear-phishing campaigns, has targeted Kyrgyzstan since June 2025 and expanded to Uzbekistan by October 2025. The group delivers NetSupport RAT through Java Archive (JAR) files, abusing the trust victims place in government institutions.
Why This Matters
The campaign highlights how legacy tools like Java 8 (released in 2014) and an outdated NetSupport Manager build (2013) can be weaponized for regionally targeted attacks. By combining social engineering with geofencing, Bloody Wolf keeps its operational visibility low while compromising finance, government, and IT sectors across Central Asia.
Key Insights
- “Java 8 used in JAR loaders, 2014”: Attackers rely on outdated software with known vulnerabilities.
- “Geofencing in Uzbekistan”: Visitors from outside the targeted region are redirected to legitimate sites, hiding the malicious content from external analysts and scanners.
- “NetSupport RAT payload, 2013”: Uses a deprecated remote-access tool for persistence and data exfiltration.
Practical Applications
- Use Case: Government agencies are impersonated in phishing emails to get recipients to run malicious JAR files.
- Pitfall: Relying on unpatched Java environments increases exposure to weaponized JAR loaders.
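The JAR-loader tradecraft summarised above (a phishing attachment opened by the user, executed by a legacy Java 8 runtime, leading to NetSupport RAT) can be turned into a simple process-creation detection. The script below is an added example written for this summary, not code from the original report or from any vendor; the event field names, the sample events, the parent-process list and the scoring weights are all constructed assumptions, chosen to favour "JAR run from a user-writable download or temp directory" over the mere presence of Java.

```python
import re

# Constructed sample process-creation events (not real telemetry from the
# campaign). Field names imitate a Sysmon/EDR record and are an assumption.
SAMPLE_EVENTS = [
    {   # phishing lure saved to Downloads and double-clicked (suspicious)
        "image": r"C:\Program Files\Java\jre1.8.0_202\bin\javaw.exe",
        "command_line": r'"C:\Program Files\Java\jre1.8.0_202\bin\javaw.exe" -jar "C:\Users\alice\Downloads\Notice_MinFin_2025.jar"',
        "parent_image": r"C:\Windows\explorer.exe",
        "user": r"CORP\alice",
    },
    {   # developer running a build artefact from a console (benign)
        "image": r"C:\Program Files\Java\jdk-17\bin\java.exe",
        "command_line": r"java -jar C:\tools\app\build\libs\app.jar --port 8080",
        "parent_image": r"C:\Windows\System32\cmd.exe",
        "user": r"CORP\dev1",
    },
    {   # vendor tool on legacy Java 8 under Program Files (noisy, stays below threshold)
        "image": r"C:\Program Files\Java\jre1.8.0_202\bin\javaw.exe",
        "command_line": r'"C:\Program Files\Java\jre1.8.0_202\bin\javaw.exe" -jar "C:\Program Files\Vendor\Tool\tool.jar"',
        "parent_image": r"C:\Windows\explorer.exe",
        "user": r"CORP\carol",
    },
    {   # attachment opened straight from the mail client into Temp (suspicious)
        "image": r"C:\Program Files\Java\jre1.8.0_202\bin\javaw.exe",
        "command_line": r'"C:\Program Files\Java\jre1.8.0_202\bin\javaw.exe" -jar "C:\Users\bob\AppData\Local\Temp\Outlook\invoice.jar"',
        "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
        "user": r"CORP\bob",
    },
    {   # unrelated process (ignored by the rule)
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": r"powershell.exe -File C:\scripts\backup.ps1",
        "parent_image": r"C:\Windows\System32\svchost.exe",
        "user": r"NT AUTHORITY\SYSTEM",
    },
]

JAVA_LAUNCHERS = {"java.exe", "javaw.exe", "java", "javaw"}
# Parents through which a phishing attachment is typically opened (assumed list)
DELIVERY_PARENTS = {"outlook.exe", "thunderbird.exe", "explorer.exe", "chrome.exe",
                    "msedge.exe", "firefox.exe", "winrar.exe", "7zfm.exe"}
# "-jar <path>" with or without quotes around the path
JAR_ARG = re.compile(r'-jar\s+(?:"([^"]+\.jar)"|(\S+\.jar))', re.IGNORECASE)
# Directories a phishing attachment usually lands in before it is opened
USER_WRITABLE = re.compile(r"\\(Downloads|Desktop|Temp)\\", re.IGNORECASE)
# Runtime directory naming used by Java 8 installs (jre1.8.x / jdk1.8.x)
LEGACY_JAVA8 = re.compile(r"\\(jre|jdk)1\.8", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(event):
    """Return (score, reasons) for one process-creation event; 0 if not a JAR launch."""
    reasons = []
    if basename(event["image"]) not in JAVA_LAUNCHERS:
        return 0, reasons
    m = JAR_ARG.search(event["command_line"])
    if not m:
        return 0, reasons
    jar_path = m.group(1) or m.group(2)
    score = 1
    reasons.append(f"java launcher executing JAR: {jar_path}")
    if USER_WRITABLE.search(jar_path):
        score += 2  # strongest signal: JAR sits where an attachment would be saved
        reasons.append("JAR located in a user-writable download/temp directory")
    parent = basename(event["parent_image"])
    if parent in DELIVERY_PARENTS:
        score += 1
        reasons.append(f"launched via {parent} (mail client, browser, archiver or Explorer)")
    if LEGACY_JAVA8.search(event["image"]):
        score += 1
        reasons.append("legacy Java 8 runtime")
    return score, reasons


def detect_jar_loaders(events, threshold=4):
    """Return [(event, score, reasons)] for events at or above the alert threshold."""
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append((ev, score, reasons))
    return alerts


if __name__ == "__main__":
    for ev, score, reasons in detect_jar_loaders(SAMPLE_EVENTS):
        print(f"[score {score}] {ev['user']}: {ev['command_line']}")
        for r in reasons:
            print("   -", r)
```

With the default threshold of 4 an alert needs the user-writable JAR location plus at least one more signal, so a vendor tool on an old Java 8 install under Program Files scores 3 and stays quiet, while the two attachment-style launches score 5. In a real deployment the same logic maps directly onto a process-creation query in an EDR or SIEM; the follow-on to look for is the Java process writing or spawning a remote-access tool, which is the stage the summary describes.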