Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign
Summary
Bloody Wolf, tracked by Kaspersky as Stan Ghouls, is conducting spear-phishing attacks targeting Uzbekistan and Russia. The attacks distribute the NetSupport RAT to compromise systems in manufacturing, finance, and IT sectors. The group has been active since at least 2023.
IFF Assessment
FOE
The article describes a new campaign actively compromising systems, which is bad news for defenders.
Severity
8.8
High
(AI Estimated)
Defender Context
Defenders should be aware of the Bloody Wolf/Stan Ghouls threat actor and their targeting of Uzbekistan and Russia. Focus should be placed on detecting spear-phishing attempts delivering NetSupport RAT, especially those targeting manufacturing, finance and IT. Regularly update endpoint detection rules and conduct phishing awareness training for employees in these sectors.