Find notable cyber news and cases, enriched with sources, timelines, and signals.

Bloody Wolf / Stan Ghouls NetSupport RAT spear-phishing campaign

Campaign
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

The Bloody Wolf / Stan Ghouls operation is actively running a spear-phishing campaign against Uzbekistan and Russia, and the activity matters because it is delivering NetSupport RAT into victim systems. The campaign has already affected about 50 victims in Uzbekistan and 10 devices in Russia, with infections also seen across Kyrgyzstan, Kazakhstan, Turkey, Serbia, and Belarus. It has targeted manufacturing, finance, IT, government, logistics, medical, and education organizations. The tradecraft relies on malicious PDF attachments that launch a loader and establish persistence.

Related Happenings

WeedHack YouTube and SEO poisoning campaign targeting Minecraft players

Campaign
H score73 First: 03.06.2026 00:54 Last: 03.06.2026 00:54 Sources 1

About this happening: **WeedHack** is a **Minecraft-focused malware-as-a-service (MaaS)** campaign that uses **YouTube** and **SEO poisoning** to push malicious **mods, clients, cheats, and utilities**...

SideCopy Operation XENOFISCAL spear-phishing campaign targeting Afghan finance entities

Campaign
H score25 First: 02.06.2026 12:05 Last: 02.06.2026 12:05 Sources 1

About this happening: The **SideCopy**-linked **Operation XENOFISCAL** spear-phishing campaign is targeting **Afghanistan's Ministry of Finance** and related provincial finance offices with **Xeno RAT*...

Ghostwriter geofenced PDF spear-phishing campaign targeting Ukrainian government entities

Campaign
H score50 First: 14.05.2026 17:00 Last: 14.05.2026 17:00 Sources 1

About this happening: The **Ghostwriter / FrostyNeighbor** group is running a **geofenced spear-phishing campaign** against **government entities in Ukraine**, and the operation matters because it deli...

DAEMON Tools trojanized-installer stealer and backdoor activity

Malware Activity
H score31 First: 05.05.2026 22:21 Last: 05.05.2026 22:21 Sources 1

About this happening: A **DAEMON Tools** supply-chain compromise is delivering **trojanized installers** that install a **backdoor** and steal system data from downloaded systems. The activity has run...

SloppyLemming spear-phishing campaign targeting Pakistan and Bangladesh

Campaign
H score37 First: 03.03.2026 08:53 Last: 03.03.2026 08:53 Sources 1

About this happening: The **SloppyLemming** campaign is using **spear-phishing**, **PDF lures**, and **macro-enabled Excel documents** to target **government entities and critical infrastructure operat...

Timeline

  1. 09.02.2026 12:58 1 articles · 5mo ago

    Bloody Wolf and Stan Ghouls NetSupport RAT campaign disclosure

    Initial Disclosure

    Kaspersky tracks Bloody Wolf, also called Stan Ghouls, as a spear-phishing operator targeting Uzbekistan and Russia with NetSupport RAT, with activity active since at least 2023 and additional infections reported in Kyrgyzstan, Kazakhstan, Turkey, Serbia, and Belarus. The campaign has affected about 50 victims in Uzbekistan, 10 devices in Russia, and over 60 targets overall, and the delivery chain uses malicious PDF attachments, a loader that downloads NetSupport RAT from external domains, and persistence through the Startup folder, a Registry autorun entry, and a scheduled task. Kaspersky also identified Mirai botnet payloads staged on infrastructure associated with Bloody Wolf, suggesting possible expansion toward IoT targets.

    Show sources