Bloody Wolf is a cyber threat group targeting Central Asian countries such as Kyrgyzstan and Uzbekistan using sophisticated social engineering techniques and malware. Its campaigns primarily impersonate government agencies to deploy NetSupport RAT and establish persistence on infected systems.
Key points
- Bloody Wolf has targeted Kyrgyzstan since June 2025 and expanded to Uzbekistan by October 2025.
- The group impersonates government ministries through malicious PDF documents and domain names.
- Attacks leverage spear-phishing emails containing weaponized JAR files to deliver malware.
- The malware uses techniques like scheduled tasks, registry modifications, and startup folder drops for persistence.
- The campaigns in Uzbekistan employ geofencing to restrict malicious activity to within the country.
Read More: https://thehackernews.com/2025/11/bloody-wolf-expands-java-based.html