Concise Cyber


Bloody Wolf Threat Actor Expands Cyber-Espionage Campaign in Central Asia

The cyber-espionage group known as Bloody Wolf has expanded its operational activities, targeting organizations across Central Asia. The campaign has been observed focusing on government, military, and law enforcement entities in countries including Afghanistan, Iran, Pakistan, Tajikistan, and Uzbekistan. The threat actor has also been linked to activities targeting Russia.

Researchers at Intezer have been tracking this campaign since May 2022. The group’s primary method of attack is spear-phishing with malicious decoy documents, which lure targets by using themes relevant to regional political and military affairs.

Tactics and Custom Malware

Bloody Wolf employs a specific set of tools to infiltrate and control target systems. One of the key components is Royal-Road, a Rich Text Format (RTF) weaponizer. This tool is used to exploit known vulnerabilities, such as CVE-2018-0802, to gain initial access to a victim’s machine.
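As an added defensive example (not from the article or from any of the researchers it cites), the following Python scanner flags RTF files that embed an Equation Editor 3.0 OLE object, the component targeted by CVE-2018-0802, even when the document omits the `\objclass` hint. The sample documents are constructed inline; the `Equation.3` ProgID and the OLE1 header layout are assumptions taken from public format documentation, not values from the page.

```python
import re
from typing import List, Optional

# ProgID of Equation Editor 3.0, the component patched for CVE-2018-0802
# (assumption from public documentation, not a value from the article).
EQUATION_PROGID = b"Equation.3"

OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]+)")
OBJCLASS_RE = re.compile(rb"\\objclass\s+([^\s{}\\]+)")


def decode_objdata(hex_blob: bytes) -> bytes:
    """Turn the hex text inside an \\objdata group back into raw OLE1 bytes."""
    clean = re.sub(rb"\s+", b"", hex_blob)
    if len(clean) % 2:          # tolerate a truncated trailing nibble
        clean = clean[:-1]
    return bytes.fromhex(clean.decode("ascii"))


def ole1_class_name(data: bytes) -> Optional[bytes]:
    """Read the class name from an OLE1 header: version(4) format(4) len(4) name."""
    if len(data) < 12:
        return None
    name_len = int.from_bytes(data[8:12], "little")
    if name_len == 0 or 12 + name_len > len(data):
        return None
    return data[12:12 + name_len].rstrip(b"\x00")


def find_equation_objects(rtf: bytes) -> List[str]:
    """Return one finding per Equation Editor object, from \\objclass or decoded \\objdata."""
    findings = []
    for m in OBJCLASS_RE.finditer(rtf):
        if m.group(1) == EQUATION_PROGID:
            findings.append("objclass Equation.3")
    for m in OBJDATA_RE.finditer(rtf):
        try:
            name = ole1_class_name(decode_objdata(m.group(1)))
        except ValueError:      # not valid hex: skip rather than crash the scan
            continue
        if name == EQUATION_PROGID:
            findings.append("objdata class Equation.3")
    return findings


def build_ole1_header(class_name: bytes) -> bytes:
    """Constructed OLE1 header with empty topic/item names, used only for the samples."""
    name = class_name + b"\x00"
    return (b"\x01\x05\x00\x00" + b"\x02\x00\x00\x00"
            + len(name).to_bytes(4, "little") + name + b"\x00" * 8)


# Constructed samples: one embeds Equation.3 without any \objclass hint, one is a plain Word object.
SAMPLE_RTF = (b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata "
              + build_ole1_header(b"Equation.3").hex().encode() + b"}}}")
BENIGN_RTF = (b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objclass Word.Document.8}{\\*\\objdata "
              + build_ole1_header(b"Word.Document.8").hex().encode() + b"}}}")
```

Running `find_equation_objects` over a mail-gateway or sandbox sample stream gives a cheap triage signal; a hit is a reason to detonate or block, not proof of exploitation.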

Once access is established, the group deploys a custom malware family named Poison-Plug. This is a modular backdoor designed for comprehensive espionage activities. Its capabilities include system reconnaissance, file exfiltration, and the execution of commands sent from a command-and-control (C2) server. Poison-Plug utilizes TCP sockets for its C2 communications, allowing the attackers to maintain control over the compromised system.

Attribution and Connections

Cybersecurity researchers from both Intezer and BlackBerry have linked the Bloody Wolf threat actor to a known China-based group. This group is identified by various names, including Bronze President, HoneyMyte, and Mustang Panda. The attribution is based on analysis of the Tactics, Techniques, and Procedures (TTPs) and the shared infrastructure used in the campaigns.

The continued activity and expansion of Bloody Wolf indicate a persistent cyber-espionage effort focused on gathering intelligence from strategically important organizations within Central Asia. The use of custom malware and politically themed lures demonstrates a targeted approach to its operations.

All articles are written here with the help of AI on the basis of openly available information which cannot be independently verified. We do strive to quote the relevant sources. The intent is only to summarise what is already reported in public forums in our own words, with no intention to plagiarise or copy other persons’ work. The publisher has no intent to defame or cause offence to anyone, any person or any organisation at any moment. The publisher assumes no responsibility for any damage or loss caused by making decisions on the basis of whatever is published on cyberconcise.com. You’re advised to do your own checks and balances before making any decision, and owners and publishers at cyberconcise.com cannot be held accountable for its resulting ramifications. If you have any objections or concerns, or want to point out anything factually incorrect, please reach out using the form on https://concisecyber.com/about/
