Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign
Briefly

"The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT. Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is known to be active since at least 2023, orchestrating spear-phishing attacks against manufacturing, finance, and IT sectors in Russia, Kyrgyzstan, Kazakhstan, and Uzbekistan."
"The attack chains are fairly straightforward in that phishing emails loaded with malicious PDF attachments are used as a launchpad to trigger the infection. The PDF documents embed links that, when clicked, lead to the download of a malicious loader that handles multiple tasks - Display a fake error message to give the impression to the victim that the application can't run on their machine. Check if the number of previous RAT installation attempts is less than three."
Bloody Wolf, tracked by Kaspersky as Stan Ghouls, has conducted spear-phishing campaigns since at least 2023 to deliver NetSupport RAT to systems in Uzbekistan and Russia. The actor targeted manufacturing, finance, and IT sectors across Russia, Kyrgyzstan, Kazakhstan, and Uzbekistan, with additional infections in Kazakhstan, Turkey, Serbia, and Belarus. Around 50 victims were identified in Uzbekistan and 10 devices in Russia. Infection attempts also affected government bodies, logistics companies, medical facilities, and educational institutions. The actor previously used STRRAT and has shifted to abusing the legitimate NetSupport remote administration tool via malicious PDFs and a loader that enforces attempt limits and displays fake errors.
Read at The Hacker News