NetSupport RAT JAR loader activity targeting Kyrgyzstan and Uzbekistan
Malware Activity
Summary
Hide ▲
Show ▼
The NetSupport RAT activity used malicious JAR loaders to reach victims in Kyrgyzstan and Uzbekistan, extending a targeted phishing operation across Central Asia. The loaders fetched the payload and established persistence through a scheduled task, a Registry value, and a startup batch script, increasing the chance of sustained remote access.
Related Happenings
Bloody Wolf / Stan Ghouls NetSupport RAT spear-phishing campaign
Campaign
First: 09.02.2026 12:58
Last: 09.02.2026 12:58
Sources 1
About this happening:
The **Bloody Wolf / Stan Ghouls** operation is actively running a **spear-phishing campaign** against **Uzbekistan and Russia**, and the activity matters because it is delivering...
Bloody Wolf / Stan Ghouls NetSupport RAT spear-phishing campaign
CampaignAbout this happening: The **Bloody Wolf / Stan Ghouls** operation is actively running a **spear-phishing campaign** against **Uzbekistan and Russia**, and the activity matters because it is delivering...
Bloody Wolf Central Asia phishing campaign targeting Kyrgyzstan and Uzbekistan
Campaign
First: 27.11.2025 20:13
Last: 27.11.2025 20:13
Sources 1
How related:
The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT.
About this happening:
The **Bloody Wolf** phishing campaign has expanded from **Kyrgyzstan** to **Uzbekistan**, widening risk to **finance, government, and IT** targets across Central Asia. The operati...
Bloody Wolf Central Asia phishing campaign targeting Kyrgyzstan and Uzbekistan
CampaignHow related: The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT.
About this happening: The **Bloody Wolf** phishing campaign has expanded from **Kyrgyzstan** to **Uzbekistan**, widening risk to **finance, government, and IT** targets across Central Asia. The operati...
Bloody Wolf Central Asia spear-phishing campaign
Campaign
First: 27.11.2025 18:00
Last: 27.11.2025 18:00
Sources 1
About this happening:
The **Bloody Wolf** campaign is **expanding across Central Asia**, using **spoofed Ministry of Justice PDFs** and **geofenced infrastructure** to reach government users in **Kyrgy...
Bloody Wolf Central Asia spear-phishing campaign
CampaignAbout this happening: The **Bloody Wolf** campaign is **expanding across Central Asia**, using **spoofed Ministry of Justice PDFs** and **geofenced infrastructure** to reach government users in **Kyrgy...
NetSupport RAT Java-based loader deployment
Malware Activity
First: 27.11.2025 18:00
Last: 27.11.2025 18:00
Sources 1
About this happening:
The **NetSupport RAT** delivery chain is installing remote-access malware on victim systems, enabling **remote control** after phishing and loader execution. The activity matters...
NetSupport RAT Java-based loader deployment
Malware ActivityAbout this happening: The **NetSupport RAT** delivery chain is installing remote-access malware on victim systems, enabling **remote control** after phishing and loader execution. The activity matters...
Timeline
-
27.11.2025 20:13 2 articles · 6mo ago
NetSupport RAT JAR loader activity targeting Kyrgyzstan and Uzbekistan
Initial DisclosureThe initial phase relied on **phishing** that impersonated the **Kyrgyzstan Ministry of Justice** to drive victims toward **JAR loader** downloads. The loaders then executed **NetSupport RAT** and began persistence on **Windows** systems.
Show sources
- Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan — thehackernews.com — 27.11.2025 20:13
- Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan — thehackernews.com — 27.11.2025 20:13