ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Bad Magic, RedStinger

Names: Bad Magic (Kaspersky), RedStinger (Malwarebytes), CloudWizard (Kaspersky)
Country: [Unknown]
Motivation: Information theft and espionage
First seen: 2020
Description: (Kaspersky) In October 2022, we identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions. Although the initial vector of compromise is unclear, the details of the next stage imply the use of spear phishing or similar methods. The victims navigated to a URL pointing to a ZIP archive hosted on a malicious web server.
Observed sectors: Defense, Food and Agriculture, Government, Transportation.
Observed countries: Ukraine.
Tools used: CommonMagic, PowerMagic.
Operations performed:
2020: Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020
<https://www.malwarebytes.com/blog/threat-intelligence/2023/05/redstinger>
May 2023: CloudWizard APT: the bad magic story goes on
<https://securelist.com/cloudwizard-apt/109722/>
Information: <https://securelist.com/bad-magic-apt/109087/>

Last change to this card: 21 June 2023
