In October 2022, Kaspersky identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions. Although the initial vector of compromise is unclear, the details of the next stage imply the use of spear phishing or similar methods. The victims navigated to a URL pointing to a ZIP archive hosted on a malicious web server.
There are currently no families associated with this actor.
Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020
Bad magic: new APT found in the area of Russo-Ukrainian conflict
PowerMagic CommonMagic RedStinger