Advanced Persistent Threats (APT)

Group-IB researchers observed a threat actor named Bloody Wolf launching a cyberattack campaign against Kyrgyzstan targeting the delivery of the NetSupport RAT beginning in June 2025.By early October 2025, its attacks expanded to Uzbekistan. By masquerading as the Kyrgyz Ministry of Justice, the attackers utilized official-looking PDF documents and domains, which in turn hosted malicious Java Archive (JAR) files designed to deploy the NetSupport RAT. The attack uses social engineering and easy-to-access tools via phishing emails to trick recipients into clicking on a link to download a malicious JAR loader file and install the Java Runtime, which in turn executes the loader in order to obtain the NetSupport RAT and establish persistence. Geofencing restrictions were also added to the attack against Uzbekistan.

In the context of evolving modern conflicts, cyberwarfare methodologies have become a powerful tool in the arsenal of states, hacktivists and cybercriminals. This paper provides a comprehensive analysis of the methodologies employed in the field of cyber warfare. By delving into techniques, strategies and tactics, we aim to reveal the multifaceted nature of cyber warfare.