New Red Stinger Gang Collects Data From Politicians in Donbass and Military Infrastructure in Eastern Europe

Jul 14, 2023
Red Stinger Gang infiltrates politicians

Cybersecurity professionals at Malwarebytes have uncovered a new APT gang that has been conducting espionage attacks in Eastern Europe since 2020. Red Stinger is an organization that specializes in lengthy stays in its victims’ systems. According to Malwarebytes data, the targets include military, transportation, and essential facilities, as well as certain participants in the Donbass referendums in September 2022.

Depending on the campaign, the attackers download screenshots and data from USB devices, track keystrokes, and enable microphone recording, according to the Malwarebytes research. Since 2021, Red Stinger malware has been used in assaults on government, agricultural, and transportation institutions in Donetsk, Luhansk, and Crimea.

What is Known About the Gang

The Red Stinger hacking campaign began in December 2020, infecting victims and gaining control of their computers using software such as DBoxShell and GraphShell. These tools communicate via cloud services and the Microsoft Graph API.

Following the initial infection, components such as “ngrok,” “rsockstun,” and a binary file are used to upload target information to the hackers’ Dropbox account. The scope of the effort is unknown, but evidence suggests that in February 2022, two victims in central Ukraine—a military target and an employee of a vital infrastructure organization—were compromised. The attackers used screenshots, microphone recordings, and office documents to perform reconnaissance.

Attacks occurred in the Donbass area in September 2022, targeting authorities and referendum participants, with private material taken from a victim’s USB stick. The motivations for these acts are unknown, and attribution to a single country is difficult. 

However, the use of English as the default language in applications and the presentation of weather in Fahrenheit imply that native English speakers may be involved. The major goal of the assaults appears to be data collection and monitoring, as indicated by the selective targeting of victims and the sophisticated technologies used.