"Bloody Wolf" Goes Hunting: Hackers Attack Uzbekistan's Financial Sector

The Bloody Wolf group uses phishing and malicious PDFs to infect companies

The hacking group Bloody Wolf, previously seen attacking Kyrgyzstan, has shifted its focus to the financial sector and IT companies in Uzbekistan. According to AN Podrobno.uz, the attackers are sending out phishing emails with malicious PDF documents, which are used to install NetSupport RAT, a remote access tool that allows them to control the victim's computer and steal data.

According to Hacker News, the group's activity in the region has been recorded since June 2025. In Uzbekistan, the hackers use geographic filtering: if the email is opened outside the country, the user is taken to the official website, and when it is opened inside Uzbekistan, the download of a malicious JAR file begins. The emails offer to install a file needed to view the document, but in practice this launches a malicious program that establishes persistence on the system through the Windows registry, autorun, and scheduled tasks.

Experts note that Bloody Wolf is using the 2013 version of NetSupport RAT, but even outdated tools remain effective because of social engineering and user trust in emails disguised as messages from government agencies. Analysts warn that the campaign indicates a growing cyber threat in Central Asia and underscores the need to strengthen the protection of financial and government systems.
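For defenders, the chain described above (a JAR launched by the Java runtime, then persistence through the registry, autorun, and scheduled tasks) can be hunted in process-creation logs. The following is an added example, not code from the article or its sources; the event field names, hosts, paths and sample events are constructed, and treating "autorun" as the Startup folder is an assumption.

```python
import re

# Child processes of these images were started by a Java runtime (the JAR loader).
JAVA_PARENTS = {"java.exe", "javaw.exe"}

# The three persistence routes the article names, matched on the command line.
# Mapping "autorun" to the Startup folder is an assumption of this example.
PERSISTENCE_PATTERNS = {
    "registry_run_key": re.compile(r"\breg(\.exe)?\b.*\badd\b.*\\CurrentVersion\\Run", re.I),
    "scheduled_task": re.compile(r"\bschtasks(\.exe)?\b.*/create\b", re.I),
    "startup_folder": re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I),
}

def image_name(path):
    """Return the lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()

def flag_jar_persistence(events):
    """Return (host, technique) for persistence commands spawned by Java."""
    hits = []
    for ev in events:
        if image_name(ev["parent_image"]) not in JAVA_PARENTS:
            continue  # only children of the Java runtime are of interest here
        for technique, pattern in PERSISTENCE_PATTERNS.items():
            if pattern.search(ev["command_line"]):
                hits.append((ev["host"], technique))
    return hits

# Constructed process-creation events (hypothetical field names, hosts and paths).
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent_image": r"C:\Program Files\Java\bin\javaw.exe",
     "command_line": r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Viewer /d C:\Users\Public\placeholder.exe /f"},
    {"host": "ws-01", "parent_image": r"C:\Program Files\Java\bin\javaw.exe",
     "command_line": r"schtasks /create /tn Viewer /tr C:\Users\Public\placeholder.exe /sc onlogon"},
    {"host": "ws-02", "parent_image": r"C:\Program Files\Java\bin\java.exe",
     "command_line": r'cmd.exe /c copy C:\Users\Public\placeholder.exe "C:\Users\u1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\placeholder.exe"'},
    # Benign: an administrator creates a task from Explorer, not from Java.
    {"host": "ws-03", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"schtasks /create /tn Backup /tr C:\Tools\backup.cmd /sc daily"},
    # Benign: a Java child process that sets no persistence.
    {"host": "ws-04", "parent_image": r"C:\Program Files\Java\bin\javaw.exe",
     "command_line": r"C:\Program Files\Java\bin\java.exe -version"},
]

if __name__ == "__main__":
    for host, technique in flag_jar_persistence(SAMPLE_EVENTS):
        print(f"{host}: Java child process set persistence via {technique}")
```
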

Sources:
podrobno.uz
