Find notable cyber news and cases, enriched with sources, timelines, and signals.

Bloody Wolf Central Asia spear-phishing campaign

Campaign
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

The Bloody Wolf campaign is expanding across Central Asia, using spoofed Ministry of Justice PDFs and geofenced infrastructure to reach government users in Kyrgyzstan and Uzbekistan. Victims are being pushed to install Java so attackers can deliver NetSupport RAT for remote control. The shift from earlier tooling to legitimate remote-access software makes the operation harder to detect and easier to blend into normal IT activity. The continued spread since June 2025 suggests a persistent and adaptable phishing operation.

Related Happenings

Y2K Operators Millenium RAT social-engineering distribution campaign

Campaign
H score73 First: 29.06.2026 17:30 Last: 29.06.2026 17:30 Sources 1

About this happening: The **Y2K Operators** are running a **social-engineering distribution campaign** that spreads **Millenium RAT** through **booby-trapped downloads**, exposing users to remote compr...

Bloody Wolf Central Asia phishing campaign targeting Kyrgyzstan and Uzbekistan

Campaign
H score33 First: 27.11.2025 20:13 Last: 27.11.2025 20:13 Sources 1

About this happening: The **Bloody Wolf** phishing campaign has expanded from **Kyrgyzstan** to **Uzbekistan**, widening risk to **finance, government, and IT** targets across Central Asia. The operati...

NetSupport RAT JAR loader activity targeting Kyrgyzstan and Uzbekistan

Malware Activity
H score22 First: 27.11.2025 20:13 Last: 27.11.2025 20:13 Sources 1

About this happening: The **NetSupport RAT** activity used **malicious JAR loaders** to reach victims in **Kyrgyzstan** and **Uzbekistan**, extending a targeted phishing operation across **Central Asia...

NetSupport RAT Java-based loader deployment

Malware Activity
H score22 First: 27.11.2025 18:00 Last: 27.11.2025 18:00 Sources 1

How related: Once a victim opens the downloaded JAR file, the loader retrieves additional components and ultimately installs NetSupport RAT for remote control.

About this happening: The **NetSupport RAT** delivery chain is installing remote-access malware on victim systems, enabling **remote control** after phishing and loader execution. The activity matters...

FoalShell and StallionRAT RAR-delivery activity

Malware Activity
H score32 First: 03.10.2025 13:30 Last: 03.10.2025 13:30 Sources 1

About this happening: A phishing-delivered malware operation is spreading **FoalShell** and **StallionRAT**, enabling **remote command execution** and **data exfiltration** on compromised hosts. The ac...

Timeline

  1. 27.11.2025 18:00 2 articles · 7mo ago

    Bloody Wolf Central Asia spear-phishing campaign

    Initial Disclosure

    The operation appears to have begun as a **Kyrgyzstan-focused** phishing effort by **late 2023** and was documented there by **June 2025**. Early lures relied on **spoofed government documents** and social engineering to get victims to run **Java**-based payloads.

    Show sources