Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign

Source: The Hacker News

By Ravie Lakshmanan, February 9, 2026

The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT.

Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is known to have been active since at least 2023, orchestrating spear-phishing attacks against manufacturing, finance, and IT sectors in Russia, Kyrgyzstan, Kazakhstan, and Uzbekistan.

The campaign is estimated to have claimed about 50 victims in Uzbekistan, with 10 devices in Russia also impacted. Other infections have been identified to a lesser degree in Kazakhstan, Turkey, Serbia, and Belarus. Infection attempts have also been recorded on devices within government organizations, logistics companies, medical facilities, and educational institutions.

“Given Stan Ghouls’ targeting of financial institutions, we believe their primary motive is financial gain,” Kaspersky noted. “That said, their heavy use of RATs may also hint at cyber espionage.”

