Latest posts by Content (see all)
- Maidstone, Sask. RCMP Seizes Several Kilos of Meth, Cocaine, and Fentanyl - July 17, 2023
- Undetectable Info Stealer: Sold on Darknet - July 14, 2023
- US Feds’ New Task Force Targets Darknet Markets - July 14, 2023
Cyber Security Professionals Since 2020, Malwarebytes has uncovered a new APT gang that has been conducting espionage attacks on Eastern Europe. Red Stinger is an organization that specializes in lengthy stays in its victims’ systems. Malwarebytes data, among the targets include military, transportation, and essential facilities, as well as certain participants in the Donbass referendums in September 2022.
Depending on the campaign, attackers download screenshots, data from USB devices, track keystrokes, and enable microphone recording, according to the Malwarebytes research. Since 2021, Red Stinger malware has been used in assaults on government, agricultural, and transportation institutions in Donetsk, Luhansk, and Crimea.
What is Known About the Gang
The Red Stinger hacking campaign began in December 2020, infecting victims and gaining control of their computers using software such as DBoxShell and GraphShell. These technologies communicate via cloud services and the Microsoft Graph API.
Following the initial infection, components such as “ngrok,” “rsockstun,” and a binary file are used to upload target information to the hackers’ Dropbox account. The scope of the effort is unknown, but evidence suggests that in February 2022, two victims in central Ukraine—a military target and an employee of a vital infrastructure organization—were compromised. The attackers used screenshots, microphone recordings, and office papers to perform reconnaissance.
Attacks occurred in the Donbass area in September 2022, targeting authorities and referendum participants, with private material taken from a victim’s USB stick. The motivations for these acts are unknown, and attribution to a single country is difficult.
However, the use of English as the default language in applications and the presentation of weather in Fahrenheit imply that native English speakers may be involved. The major goal of the assaults appears to be data collection and monitoring, as indicated by the targeted targeting of victims and the sophisticated technologies used.