THE Hacker News reports that the threat actor Bloody Wolf has been linked to a spear-phishing campaign targeting Uzbekistan and Russia to deploy NetSupport RAT, with Kaspersky tracking the activity under the moniker Stan Ghouls. The campaign, active since at least 2023, has so far hit more than 60 targets across Russia, Kyrgyzstan, Kazakhstan and Uzbekistan, with about 50 victims in Uzbekistan and 10 devices in Russia reported by the researchers.
Phishing emails featuring malicious PDF attachments are used to trigger the infection, leading victims to download a loader that subsequently delivers NetSupport RAT and establishes persistence. The article notes additional activity linked to Bloody Wolf, including the use of Mirai botnet payloads on related infrastructure, and references November 2025 when Group-IB documented Kyrgyzstan-focused phishing attacks distributing similar tools. According to the researchers, the operation’s breadth and use of RAT tools may indicate both financial gain and potential espionage motives.