Red Stinger

Red Stinger, also known as Bad Magic, is a previously undetected Advanced Persistent Threat (APT) group that has been linked to cyber-espionage activities targeting Eastern Europe since 2020. The group's operations have primarily focused on both pro-Ukraine and pro-Russia victims in central and eastern Ukraine respectively, with targets including military personnel, transportation systems, and critical infrastructure related to the Russo-Ukrainian conflict. Security firm Malwarebytes traced Red Stinger's activities back to 2020, while cybersecurity company Kaspersky detected the group in October 2022, indicating their use of stealthy techniques and strong operational security. The group’s operations were revealed when researchers discovered two victims who appeared to be members of Red Stinger and had seemingly infected their own machines with the group's malware, possibly during testing or by mistake. Among the group's notable targets was a member of Ukraine’s military; however, the activity on this target lasted only for a few hours, likely because the victim noticed something amiss. Red Stinger also conducted surveillance on officers and individuals involved in Russian referendums at Luhansk, Donetsk, Zaporizhzhia, and Kherson while these events were unfolding. Despite extensive research, the motives behind Red Stinger's operations remain unclear, as the group has targeted entities on both sides of Russia’s war on Ukraine. This unusual pattern, along with the group's ability to stay undetected for a significant period, highlights the complexity of Red Stinger's tactics and the potential threat it poses to entities involved in the ongoing Russo-Ukrainian conflict. Further investigations are required to fully understand the extent of Red Stinger's operations and its ultimate objectives.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Bad Magic | 3 | Bad Magic, a malicious software (malware), was first reported by Kaspersky in March 2023. The malware is associated with a hacker group known as 'Bad Magic' or 'Red Stinger', which targets companies involved in the Russo-Ukrainian conflict. The group's modus operandi involves the use of a backdoor c
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malwarebytes
Apt
Kaspersky
Espionage
Windows
Ukraine
Malware
Russia
Europe
Associated Malware
ID | Type | Votes | Profile Description
Dboxshell | Unspecified | 1 | DboxShell is a type of malware that uses cloud storage services as a command and control (C&C) mechanism. It is also known as PowerMagic by Kaspersky. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can dis
Associated Threat Actors
ID | Type | Votes | Profile Description
APT28 | Unspecified | 1 | APT28, also known as Fancy Bear, is a threat actor linked to Russia and has been involved in numerous cyber espionage campaigns. The group is notorious for its sophisticated tactics, techniques, and procedures (TTPs). Recently, NATO and the EU formally condemned APT28's activities, acknowledging the
Swallowtail | Unspecified | 1 | None
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Red Stinger malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
Checkpoint | a year ago | 15th May – Threat Intelligence Report - Check Point Research
Malwarebytes | a year ago | Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020
CERT-EU | a year ago | New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe - GIXtools
CERT-EU | a year ago | Mysterious Red Stinger APT spying on pro-Ukraine and pro-Russia targets in Ukraine
BankInfoSecurity | a year ago | Enigmatic Hacking Group Operating in Ukraine
CERT-EU | a year ago | Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor
CERT-EU | a year ago | Enigmatic Hacking Group Operating in Ukraine | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting
CERT-EU | a year ago | A Mysterious New Hacker Group Is Lurking in Ukraine’s Cyberspace
CERT-EU | a year ago | Cyber security week in review: May 12, 2023
CERT-EU | a year ago | Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade
CERT-EU | a year ago | A Mysterious Group Has Ties to 15 Years of Ukraine-Russia Hacks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting
CERT-EU | a year ago | New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe
CERT-EU | a year ago | Newly identified APT group's motives in Ukraine baffle researchers