VERY IMPORTANT

Stan Ghouls, a cybercriminal group also known as Bloody Wolf, has been conducting targeted attacks against organizations in Russia, Uzbekistan, and other Central Asian countries since 2023. Their latest campaign primarily focused on Uzbekistan, with about 50 victims identified, along with 10 in Russia and a few others in neighboring countries. The attackers use spear-phishing emails with malicious PDF attachments to deliver a Java-based loader, which then installs the NetSupport remote access tool. The group targets manufacturing, finance, and IT sectors, possibly for financial gain and espionage. New evidence suggests Stan Ghouls may be expanding into IoT-based threats, as Mirai malware files were found on a server linked to their previous campaigns.