VulnHub

Real-time Cybersecurity News

Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign

The Hacker News
Actively Exploited
PhishingTrojanKaspersky

Overview

A cybercriminal group known as Bloody Wolf is targeting organizations in Uzbekistan and Russia with a spear-phishing campaign designed to deploy a remote access trojan called NetSupport RAT. This group, which has been active since at least 2023, is focusing its attacks on the manufacturing, finance, and IT sectors. Kaspersky, a cybersecurity firm, is tracking this activity under the name Stan Ghouls. The use of spear-phishing indicates that the attackers are likely customizing their messages to trick specific individuals or organizations into downloading the malicious software. This type of threat can lead to significant data breaches and operational disruptions for the affected companies, making it crucial for them to enhance their email security and user awareness training.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: NetSupport RAT, manufacturing, finance, IT sectors
  • Action Required: Enhance email security, implement user awareness training, and monitor for unusual system activity.
  • Timeline: Ongoing since 2023

Original Article Summary

The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT. Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is known to be active since at least 2023, orchestrating spear-phishing attacks against manufacturing, finance, and IT

Impact

NetSupport RAT, manufacturing, finance, IT sectors

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since 2023

Remediation

Enhance email security, implement user awareness training, and monitor for unusual system activity.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Phishing, Trojan, Kaspersky.

Read Original Article

Related Coverage

Middle East-based brute-force cyber intrusions surge

SCM feed for Latest

Cybersecurity researchers have reported a significant increase in brute-force authentication attacks targeting network devices, particularly in the Middle East. In the first quarter of 2026, nearly 90% of these intrusions originated from that region. This surge in attacks raises concerns for organizations relying on network devices for their operations, as attackers are likely exploiting weak passwords to gain unauthorized access. The alarming trend suggests that companies need to reinforce their security measures, including implementing stronger password policies and multi-factor authentication. With the rising frequency of these attacks, vigilance is essential to protect sensitive data and maintain network integrity.

Apr 15, 2026

New AgingFly malware used in attacks on Ukraine govt, hospitals

BleepingComputer

Researchers have discovered a new type of malware called 'AgingFly' that has been used in attacks targeting Ukrainian government agencies and hospitals. This malware is designed to steal authentication data from users of Chromium-based browsers and WhatsApp messenger, posing a significant risk to sensitive information. The attacks raise concerns about the security of critical infrastructure and public services, especially in a region already facing geopolitical tensions. As cybercriminals continue to evolve their tactics, it's crucial for organizations to enhance their defenses against such threats. Users are advised to be vigilant and consider updating their security practices to protect against potential data breaches.

Apr 15, 2026

Critical MCP Integration Flaw Puts NGINX at Risk

darkreading

A serious vulnerability has been discovered in nginx-ui, which could allow attackers to manipulate NGINX configuration files. This flaw has a near-maximum severity rating, meaning it poses a significant risk to users of the software. Attackers can exploit this weakness to restart, create, modify, or delete configuration files, potentially disrupting web services and compromising server security. This vulnerability affects anyone using nginx-ui, making it crucial for system administrators to take action. The situation is urgent as it could lead to unauthorized access and control over server configurations.

Apr 15, 2026

WordPress plugin suite hacked to push malware to thousands of sites

BleepingComputer

A significant cybersecurity incident has emerged involving over 30 plugins from the EssentialPlugin package for WordPress. These plugins have been compromised with malicious code, which grants unauthorized access to websites that utilize them. This breach potentially affects thousands of sites, putting user data and site integrity at risk. The incident underscores the vulnerability of widely-used plugins and the importance of maintaining updated security practices. Website administrators are urged to review their installed plugins and take immediate action to protect their sites from possible exploitation.

Apr 15, 2026

NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities

CyberScoop

The National Institute of Standards and Technology (NIST) is narrowing its focus on analyzing Common Vulnerabilities and Exposures (CVE) due to the increasing number of vulnerabilities reported. Moving forward, NIST will concentrate its efforts on vulnerabilities found in critical software, systems utilized by the federal government, and those that are currently being exploited. This shift aims to streamline the analysis process and ensure that resources are allocated to the most pressing security issues. As the volume of vulnerabilities continues to rise, this change reflects a need for more targeted and efficient management of cybersecurity threats. It’s important for organizations and government entities to stay informed about these critical vulnerabilities to protect their systems effectively.

Apr 15, 2026

CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access

Security Affairs

A severe vulnerability in nginx-ui, identified as CVE-2026-33032, is currently being exploited by attackers. This flaw allows unauthorized users to bypass authentication and gain complete control of Nginx servers, posing a significant risk to organizations using this web server technology. The vulnerability is linked to inadequate protection of the /mcp_message endpoint, which can be exploited without any prior authentication. With a CVSS score of 9.8, it is crucial for users to take immediate action to secure their systems. Organizations should prioritize patching their Nginx installations to mitigate this serious threat.

Apr 15, 2026