Red Stinger

Red Stinger, also known as Bad Magic, is a previously undetected Advanced Persistent Threat (APT) group that has been linked to cyber-espionage activities targeting Eastern Europe since 2020. The group's operations have primarily focused on both pro-Ukraine and pro-Russia victims in central and eastern Ukraine respectively, with targets including military personnel, transportation systems, and critical infrastructure related to the Russo-Ukrainian conflict. Security firm Malwarebytes traced Red Stinger's activities back to 2020, while cybersecurity company Kaspersky detected the group in October 2022, indicating their use of stealthy techniques and strong operational security. The group’s operations were revealed when researchers discovered two victims who appeared to be members of Red Stinger and had seemingly infected their own machines with the group's malware, possibly during testing or by mistake. Among the group's notable targets was a member of Ukraine’s military; however, the activity on this target lasted only for a few hours, likely because the victim noticed something amiss. Red Stinger also conducted surveillance on officers and individuals involved in Russian referendums at Luhansk, Donetsk, Zaporizhzhia, and Kherson while these events were unfolding. Despite extensive research, the motives behind Red Stinger's operations remain unclear, as the group has targeted entities on both sides of Russia’s war on Ukraine. This unusual pattern, along with the group's ability to stay undetected for a significant period, highlights the complexity of Red Stinger's tactics and the potential threat it poses to entities involved in the ongoing Russo-Ukrainian conflict. Further investigations are required to fully understand the extent of Red Stinger's operations and its ultimate objectives.