Bloody Wolf evolution: new targets, new tools

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

Bloody Wolf, a notorious threat actor, has shifted its tactics by replacing malware with the legitimate remote administration tool NetSupport. The group has expanded its targets to include organizations in both Kazakhstan and Russia, compromising over 400 systems. Their attack method involves phishing emails with PDF attachments containing links to malicious JAR files. These files download and install NetSupport components, enabling full system access. The campaign exploits the prevalence of remote work and the increased use of remote administration software. The attackers' use of legitimate tools makes detection more challenging for conventional defenses. The report provides detailed technical information about the attack process and indicators of compromise.

OPENCTI LABELS:

phishing, russia, telegram, strrat, edr, netsupport, kazakhstan, jar files, remote administration

