Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan
28.11.2025
7697
Bloody Wolf targets Kyrgyzstan and Uzbekistan with Java-based loaders delivering NetSupport RAT in sector-wide phishing attacks.
Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan
Bloody Wolf is escalating attacks in Kyrgyzstan and Uzbekistan, deploying Java-based loaders that drop the NetSupport RAT via sophisticated phishing campaigns targeting multiple sectors.
The threat actor is leveraging social engineering tactics to trick victims into executing malicious Java archives (JARs), which then fetch and deploy the remote access tool, enabling full system control.
Campaigns are broad, hitting finance, IT, and other critical infrastructure, with emails disguised as legitimate communications to bypass defenses.
NetSupport RAT allows attackers to steal data, monitor activity, and execute commands remotely, posing severe risks to organizational security in the targeted regions.
- • Attack vector: Phishing emails with malicious JAR attachments
- • Primary tool: NetSupport RAT for remote access
- • Targets: Kyrgyzstan and Uzbekistan across multiple sectors
- • Method: Java-based loaders for stealth and compatibility
Got a topic? Write to ATLA WIRE on Telegram:t.me/atla_community
