Bad Magic, RedStinger

Description

(Kaspersky) In October 2022, we identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions. Although the initial vector of compromise is unclear, the details of the next stage imply the use of spear phishing or similar methods. The victims navigated to a URL pointing to a ZIP archive hosted on a malicious web server.

Names

Name	Name-Giver
Bad Magic	Kaspersky
RedStinger	Malwarebytes
CloudWizard	Kaspersky

Country

Unknown

Motivation

Information theft and espionage

First Seen

2020

Observed Sectors

Observed Countries

Ukraine

Tools

Operations

2020: Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020 https://www.malwarebytes.com/blog/threat-intelligence/2023/05/redstinger
2023-05: CloudWizard APT: the bad magic story goes on https://securelist.com/cloudwizard-apt/109722/

Information

https://securelist.com/bad-magic-apt/109087/

Other Information

Uuid

f929ecc7-3be3-4fee-bb7d-3bf5762e6b3d

Last Card Change

2023-06-21

Threat Intelligence Garden

Explorer

Bad Magic, RedStinger

Bad Magic, RedStinger

Description

Names

Country

Motivation

First Seen

Observed Sectors

Observed Countries

Tools

Operations

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks