Bloody Wolf Cybercrime Group Evolves Tactics, Expands Targets

Summary: The BI.ZONE Threat Intelligence team reports on the evolution of the Bloody Wolf cybercrime group, noting a significant expansion in its targeting and tactics. The group now abuses widely used remote administration tools like NetSupport in campaigns against organizations in Kazakhstan and Russia, and has compromised over 400 systems. This shift emphasizes the need for behavior-based threat detection, as traditional defenses struggle against these techniques.

Affected: Organizations in Kazakhstan and Russia

Key points:

  • Bloody Wolf has expanded its targeting from Kazakhstan to Russian entities, compromising over 400 systems.
  • The group now uses legitimate remote administration tools like NetSupport in place of custom malware to avoid detection.
  • Recent campaigns involved phishing tactics, using documents disguised as compliance notices and tax rulings to deliver malicious JAR files.
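
A sketch of what behavior-based detection means for the activity summarized above, as an added example that is not from the BI.ZONE report: it scores process-creation events by what was launched, from where, and by which parent, rather than by file hash. The event field names, the NetSupport client binary name `client32.exe`, the install roots and the path heuristics are assumptions, and the sample events are constructed.

```python
import ntpath
import re

# Assumptions, not from the article: the event field names, the NetSupport
# client binary name (client32.exe), its install roots, and the path heuristics.
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\temp\\", "\\users\\public\\")
INSTALL_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")
USER_FACING = {"outlook.exe", "winword.exe", "acrord32.exe", "chrome.exe", "msedge.exe"}
JAVA = {"java.exe", "javaw.exe"}
JAR_RE = re.compile(r'-jar\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)

def classify(event):
    """Return behavioural findings for one process-creation event."""
    image = event["image"].lower()
    name = ntpath.basename(image)
    parent = ntpath.basename(event["parent_image"]).lower()
    findings = []
    if name in JAVA:
        m = JAR_RE.search(event["command_line"])
        jar = (m.group(1) or m.group(2)).lower() if m else ""
        if jar and any(d in jar for d in USER_WRITABLE):
            findings.append("jar_run_from_user_writable_path")
        if jar and parent in USER_FACING:
            findings.append("jar_launched_by_user_facing_app")
    # A legitimate remote administration tool is judged by where it runs from
    # and what started it, because the binary itself is not malicious.
    if name == "client32.exe" and not image.startswith(INSTALL_ROOTS):
        findings.append("netsupport_client_outside_install_root")
        if parent in JAVA:
            findings.append("netsupport_client_started_by_java")
    return findings

def ev(image, parent_image, command_line):
    return {"image": image, "parent_image": parent_image, "command_line": command_line}

# Constructed sample events (not taken from the report).
EVENTS = [
    ev(r"C:\Program Files\Java\bin\javaw.exe", r"C:\Windows\explorer.exe",
       r'"C:\Program Files\Java\bin\javaw.exe" -jar "C:\Users\a.user\Downloads\notice.jar"'),
    ev(r"C:\Users\a.user\AppData\Roaming\support\client32.exe",
       r"C:\Program Files\Java\bin\javaw.exe", "client32.exe"),
    ev(r"C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe",
       r"C:\Windows\System32\services.exe", "client32.exe"),
    ev(r"C:\Program Files\Java\bin\java.exe", r"C:\Windows\System32\cmd.exe",
       r"java.exe -jar C:\build\tools\app.jar"),
]

def triage(events):
    """Map event index to findings, keeping only events that raised any."""
    return {i: f for i, e in enumerate(events) if (f := classify(e))}
```

The managed NetSupport install and the build-server JAR raise nothing, which is the point of keying on launch context instead of on the tool's presence.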

Source: https://securityonline.info/bloody-wolf-cybercrime-group-evolves-tactics-expands-targets/