Attacks in Russia and Uzbekistan: NetSupport RAT and potential IoT interest
Essential information
- Published: 05/02/2026 20:23
- Modified: 05/02/2026 21:07
- Tags: 2026-02-05 financial sector iot java loader manufacturing mirai netsupport rat russia spear-phishing uzbekistan
- Related entities: 1 vulnerability (cve), 32 observables, 1 intrusion set (apt), 2 malware, 23 others
Description
Stan Ghouls, a cybercriminal group also known as Bloody Wolf, has been conducting targeted attacks against organizations in Russia, Uzbekistan, and other Central Asian countries since 2023. Their latest campaign primarily focused on Uzbekistan, with about 50 victims identified, along with 10 in Russia and a few others in neighboring countries. The attackers use spear-phishing emails with malicious PDF attachments to deliver a Java-based loader, which then installs the NetSupport remote access tool. The group targets manufacturing, finance, and IT sectors, possibly for financial gain and espionage. New evidence suggests Stan Ghouls may be expanding into IoT-based threats, as Mirai malware files were found on a server linked to their previous campaigns.