Introduction

  • Stan Ghouls (also known as Bloody Wolf) is a cybercriminal group that has been launching targeted attacks against organizations in Russia, Kyrgyzstan, Kazakhstan, and Uzbekistan since at least 2023.
  • These attackers primarily have their sights set on the manufacturing, finance, and IT sectors.
  • Their campaigns are meticulously prepared and tailored to specific victims, featuring a signature toolkit of custom Java-based malware loaders and a sprawling infrastructure with resources dedicated to specific campaigns.
  • We continuously track Stan Ghouls’ activity, providing our clients with intel on their tactics, techniques, procedures, and latest campaigns.
  • In this post, we share the results of our most recent deep dive into a campaign targeting Uzbekistan, where we identified roughly 50 victims.
  • About 10 devices in Russia were also hit, with a handful of others scattered across Kazakhstan, Turkey, Serbia, and Belarus (though those last three were likely just collateral damage).

Article Summaries:

  • Stan Ghouls, a cyber‑criminal unit also known as Bloody Wolf, has shifted its tactics to use the legitimate remote‑access tool NetSupport RAT to control infected hosts. The group’s latest campaign focused on Uzbekistan, affecting roughly 50 organizations, with an additional 10 Russian victims and a handful of incidents in Kazakhstan, Turkey, Serbia, and Belarus. Analysts noted a wave of new domains in the attackers’ infrastructure and evidence that the gang may have added IoT‑targeted malware to its arsenal. The attacks continue to rely on spear‑phishing emails with malicious PDF attachments, primarily in local languages, and are believed to be driven by financial motives.
