Group-IB specialists have recorded new attacks by the Bloody Wolf hacker group, which has been targeting Kyrgyzstan since June 2025 and has expanded its operations to Uzbekistan since October. The financial sector, government agencies, and IT companies are at risk. According to researchers, the attackers are impersonating the Kyrgyz Ministry of Justice, using fake PDF documents and seemingly legitimate domains, but are actually distributing Java archives (JARs) containing the NetSupport RAT malware. Bloody Wolf has been active since at least the end of 2023. Previously, the group targeted Kazakhstan and Russia, distributing STRRAT and NetSupport via phishing attacks. The group’s geographic reach