RedStinger

aka: Bad Magic

In October 2022, Kaspersky identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions. Although the initial vector of compromise is unclear, the details of the next stage imply the use of spear phishing or similar methods. The victims navigated to a URL pointing to a ZIP archive hosted on a malicious web server.

Associated Families

There are currently no families associated with this actor.

2023-05-10 | Malwarebytes | Hossein Jazi, Roberto Santos
Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020
PowerMagic RedStinger

2023-03-21 | Kaspersky Labs | Georgy Kucherin, Igor Kuznetsov, Leonid Bezvershenko
Bad magic: new APT found in the area of Russo-Ukrainian conflict
PowerMagic CommonMagic RedStinger

Credits: MISP Project