
Bloody Wolf Targets Kyrgyzstan and Uzbekistan with NetSupport RAT in Ongoing Cyber Campaigns
Group-IB specialists have detected a series of cyberattacks conducted by the hacker group Bloody Wolf, targeting Kyrgyzstan since June 2025 and Uzbekistan since October 2025. The primary targets include financial institutions, government agencies, and IT companies. The attacks deliver NetSupport RAT, a legitimate remote administration tool repurposed as a remote access trojan.
NetSupport RAT gives attackers remote control over infected systems, enabling keylogging, file transfer, and remote command execution. Its ability to mimic normal network traffic makes detection particularly challenging.
The targeting of critical sectors such as finance, government, and IT underscores the severity of these attacks. Financial institutions face risks of financial theft and fraud, while government agencies may experience espionage and data breaches. IT companies, often serving as gatekeepers for other organizations' data, present high-value targets for attackers seeking to compromise multiple entities through a single breach.
The impact on the cybersecurity landscape is substantial. These attacks highlight the need for robust cybersecurity measures in Central Asia, particularly in sectors handling sensitive data. Organizations should prioritize network monitoring, endpoint protection, and regular security audits to detect and mitigate such threats.
From an expert perspective, the use of legitimate tools for malicious purposes is a growing trend in cybercrime. Attackers leverage these tools to evade detection and maintain persistence within compromised networks. The coordinated nature of these attacks suggests a well-funded operation, necessitating heightened vigilance among targeted entities.
In response to these threats, organizations should implement multi-layered defense strategies. This includes deploying advanced threat detection systems, conducting regular security training for employees, and establishing incident response plans to quickly address any breaches.