Red Stinger

Malware updated 6 months ago (2024-05-04T22:17:58.902Z)
Red Stinger, also known as Bad Magic, is a previously undetected Advanced Persistent Threat (APT) group that has been linked to cyber-espionage activities targeting Eastern Europe since 2020. The group's operations have primarily focused on both pro-Ukraine and pro-Russia victims in central and eastern Ukraine respectively, with targets including military personnel, transportation systems, and critical infrastructure related to the Russo-Ukrainian conflict. Security firm Malwarebytes traced Red Stinger's activities back to 2020, while cybersecurity company Kaspersky detected the group in October 2022, indicating their use of stealthy techniques and strong operational security.

The group’s operations were revealed when researchers discovered two victims who appeared to be members of Red Stinger and had seemingly infected their own machines with the group's malware, possibly during testing or by mistake. Among the group's notable targets was a member of Ukraine’s military; however, the activity on this target lasted only for a few hours, likely because the victim noticed something amiss. Red Stinger also conducted surveillance on officers and individuals involved in Russian referendums at Luhansk, Donetsk, Zaporizhzhia, and Kherson while these events were unfolding.

Despite extensive research, the motives behind Red Stinger's operations remain unclear, as the group has targeted entities on both sides of Russia’s war on Ukraine. This unusual pattern, along with the group's ability to stay undetected for a significant period, highlights the complexity of Red Stinger's tactics and the potential threat it poses to entities involved in the ongoing Russo-Ukrainian conflict. Further investigations are required to fully understand the extent of Red Stinger's operations and its ultimate objectives.
Description last updated: 2024-05-04T21:37:08.609Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
Alias Description | Votes
Bad Magic is a possible alias for Red Stinger. Bad Magic, a malicious software (malware), was first reported by Kaspersky in March 2023. The malware is associated with a hacker group known as 'Bad Magic' or 'Red Stinger', which targets companies involved in the Russo-Ukrainian conflict. The group's modus operandi involves the use of a backdoor c | 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
APT
Malwarebytes
Source Document References
Information about the Red Stinger Malware was read from the documents corpus below.