Bloody Wolf Threat Actor Expands Activity Across Central Asia

A cyber campaign by the Bloody Wolf APT group, using legitimate remote-access tools and advanced social engineering, is targeting government agencies in Central Asia. The ongoing operation reflects a shift toward Java-based malware to evade detection and sustain long-term espionage. #BloodyWolf #NetSupportRAT

Key points

  • The Bloody Wolf group has been active in Kyrgyzstan and Uzbekistan since mid-2023, using social engineering tactics.
  • The attackers impersonate government entities through convincing PDF documents and spoofed domains.
  • The infection chain involves Java-based loaders that fetch and install NetSupport RAT for remote control.
  • The malware includes features like persistence, scheduled tasks, and fake error messages to remain covert.
  • The group’s use of legitimate remote administration tools indicates an evolution toward stealthier, more sustainable cyber espionage activities.
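The key points above describe a chain worth detecting on endpoints: a Java-based loader that persists through a scheduled task and then installs a remote administration tool. The following triage script is an added example, not code from the article or from any vendor: it parses constructed, simplified "task registered" event lines (the `key=value` format and the sample data are assumptions made here, not a real Windows log format) and flags tasks whose action launches a Java runtime from a user-writable location or with a logon trigger. The heuristics are deliberately narrow; a real deployment would map them onto the telemetry source actually in use.

```python
import re

# Constructed sample events (not from the article). One task-registration record per
# line, in an assumed "key=value" format; backslashes are kept literal via raw strings.
SAMPLE_EVENTS = [
    r"ts=2024-05-02T09:14:03Z host=ws-12 user=CORP\jdoe task=\Updates\JavaUpdate "
    r"action=C:\Users\jdoe\AppData\Roaming\jre\bin\javaw.exe "
    r"args=-jar C:\Users\jdoe\AppData\Roaming\upd\loader.jar trigger=ONLOGON",
    r"ts=2024-05-02T09:20:11Z host=ws-12 user=SYSTEM "
    r"task=\Microsoft\Windows\Defrag\ScheduledDefrag "
    r"action=C:\Windows\System32\defrag.exe args=-c -h -o trigger=WEEKLY",
    r"ts=2024-05-02T10:02:45Z host=ws-07 user=CORP\asmith task=\Backup "
    r"action=C:\Program Files\Java\jre8\bin\java.exe "
    r"args=-jar C:\Program Files\Backup\backup.jar trigger=DAILY",
]

# Java launchers a loader would schedule. Paths under a user profile, ProgramData or
# the Windows temp directory are writable without admin rights, which is where
# user-dropped loaders typically live (assumption used by the heuristic).
JAVA_LAUNCHERS = {"java.exe", "javaw.exe"}
USER_WRITABLE = re.compile(
    r"\\(users\\[^\\]+\\appdata|programdata|windows\\temp)\\", re.IGNORECASE
)
PERSISTENCE_TRIGGERS = {"ONLOGON", "ONSTART"}


def parse_event(line):
    """Split a 'key=value key=value' line into a dict.

    Values run until the next ' key=' token, so paths and argument strings
    containing spaces survive intact.
    """
    return dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", line))


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def assess(event):
    """Return the individual signals observed for one task-registration event."""
    action = event.get("action", "")
    args = event.get("args", "")
    return {
        "java_launcher": basename(action) in JAVA_LAUNCHERS,
        "writable_runtime": bool(USER_WRITABLE.search(action)),
        "writable_args": bool(USER_WRITABLE.search(args)),
        "persistence_trigger": event.get("trigger", "").upper() in PERSISTENCE_TRIGGERS,
    }


def is_suspicious(signals):
    # A Java launcher on its own is common (vendor software, backups); only flag it
    # when the runtime or the JAR it loads sits in a user-writable directory.
    return signals["java_launcher"] and (
        signals["writable_runtime"] or signals["writable_args"]
    )


def triage(lines):
    """Return the flagged tasks with the reasons each one was flagged."""
    hits = []
    for line in lines:
        event = parse_event(line)
        signals = assess(event)
        if is_suspicious(signals):
            reasons = [name for name, seen in signals.items() if seen]
            hits.append({"host": event.get("host"), "task": event.get("task"),
                         "user": event.get("user"), "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"{hit['host']} {hit['user']} {hit['task']}: {', '.join(hit['reasons'])}")
```

Running the script against the constructed sample flags only the first task (a Java runtime and a JAR both under `AppData`, fired at logon), while the built-in defrag task and the properly installed backup job pass. The useful design point is the split between `assess`, which records every signal, and `is_suspicious`, which decides; keeping all signals in the hit record lets an analyst see why a task was raised without re-running the logic.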

Read More: https://www.infosecurity-magazine.com/news/bloody-wolf-expands-central-asia/