Stan Ghouls, also known as Bloody Wolf, is an active cybercriminal group targeting organizations in the manufacturing, finance, and IT sectors across Central Asia and Eastern Europe. Using sophisticated spear-phishing campaigns tailored in local languages like Uzbek and Kyrgyz, the group delivers malicious PDF attachments that trick users into installing custom Java-based loaders. These loaders are designed to deploy the NetSupport Remote Access Trojan (RAT), granting the attackers full control over the compromised systems for potential financial gain or cyberespionage.
Recent investigations have identified over 60 victims, primarily in Uzbekistan and Russia, highlighting the group's significant resources and ability to manage numerous manual remote sessions simultaneously. Analysis of their evolving infrastructure has also uncovered the presence of Mirai IoT malware on domains previously linked to the group, suggesting a possible expansion of their toolkit into IoT-based threats. Despite these shifts, Stan Ghouls continues to rely on their signature Java loaders and dynamic domain registration to bypass traditional security perimeters.