Depending on the campaign, attackers managed to exfiltrate snapshots, USB drives, keyboard strokes, and microphone recordings.įinally, we will reveal unknown scripts and malware run by the group in this report. Military, transportation and critical infrastructure were some of the entities being targeted, as well as some involved in the September East Ukraine referendums. Additionally, we will provide insights into the latest campaigns performed by Red Stinger, where we have found that the group has targeted entities in different places of Ukraine. We have identified attacks from the group starting in 2020, meaning that they have remained under the radar for at least three years. Our investigation could be helpful to the community as we will provide new undisclosed data about the group.
Now that the existence of this group is public, we will also share some of our information about the actor and its tactics. This investigation remained private for a while, but Kaspersky recently published information about the same actor (who it called Bad Magic). Moreover, we started tracking the actor behind it, which we internally codenamed Red Stinger. While looking for activities from the usual suspects, one of our former coworkers at Malwarebytes Threat Intelligence Team discovered a new interesting lure that targeted the Eastern Ukraine region and reported that finding to the public. Given this context, it would not be surprising that the cybersecurity landscape between these two countries has also been tense. While the official conflict between Russia and Ukraine began in February 2022, there is a long history of physical conflict between the two nations, including the 2014 annexation of Crimea by Russia and when the regions of Donetsk and Luhansk declared themselves independent from Ukraine and came under Russia's umbrella.
This blog post was authored by Malwarebytes' Roberto Santos and Fortinet's Hossein Jazi
0 kommentar(er)
