Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Unveiling Bad Magic: Cyber Espionage

May 23, 2023
Reading Time: 2 mins read
in Alerts
Unveiling Bad Magic: Cyber Espionage

 

New findings have shed light on a hacker group known as Bad Magic or Red Stinger, revealing that it has been active for a longer period than previously known. The group has been linked to cyber attacks targeting companies in the Russo-Ukrainian conflict area since at least 2016, with recent evidence showing an expansion of their targets to include individuals, diplomatic entities, and research organizations in Western and Central Ukraine.

The campaign is characterized by the use of a sophisticated modular framework called CloudWizard, enabling activities such as capturing screenshots, recording audio, logging keystrokes, stealing passwords, and harvesting Gmail inboxes.

Kaspersky, a Russian cybersecurity firm, first documented Bad Magic’s activities in March 2023, highlighting their use of the PowerMagic backdoor and the CommonMagic modular framework in attacks against Russian-occupied territories of Ukraine.

Subsequent investigations by Kaspersky and Malwarebytes have revealed a deeper understanding of the group’s tactics, linking them to historical telemetry data and identifying overlaps in source code with other malware, such as Prikormka and BugDrop.

These findings suggest that Bad Magic has been continuously evolving its tools and targeting various victims for over 15 years.

The CloudWizard framework, attributed to Bad Magic, has become a crucial piece in understanding the group’s operations, namely Operation Groundbait and Operation BugDrop. These campaigns primarily targeted anti-government separatists, government officials, politicians, and journalists in Donetsk and Luhansk.

The extensive nature of Bad Magic’s cyber espionage activities, combined with geopolitical factors in the Russo-Ukrainian conflict area, indicates that the group will likely persist with its operations in the foreseeable future.

The latest revelations highlight the persistence and ongoing commitment of the threat actor behind Bad Magic to conduct cyber espionage. As Kaspersky researcher Georgy Kucherin notes, the group has continuously enhanced its toolset and targeted organizations of interest over the past 15 years.

Understanding the origins and motivations of this mysterious group remains a crucial challenge, but each new discovery brings us closer to unraveling the bigger picture of their activities.

Reference:
  • CloudWizard APT: the bad magic story goes on
Tags: Bad MagicCloudWizardCyber AlertCyber Alerts 2023CyberattackHackersMay 2023Red StingerRussiaUkraine
ADVERTISEMENT

Related Posts

Fake Firms Push Malware on Crypto Users

Fake Sites Push Investment Scams

July 11, 2025
Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

July 11, 2025
Fake Firms Push Malware on Crypto Users

Fake Firms Push Malware on Crypto Users

July 11, 2025
Hackers Revive SEO Poisoning

Hackers Revive SEO Poisoning

July 10, 2025
Hackers Revive SEO Poisoning

RondoDox Botnet Exploits Router Flaws

July 10, 2025
Hackers Revive SEO Poisoning

ServiceNow Data Exposure via ACLs

July 10, 2025

Latest Alerts

Fake Sites Push Investment Scams

Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

RondoDox Botnet Exploits Router Flaws

ServiceNow Data Exposure via ACLs

Hackers Revive SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Microsoft’s Outlook Long Outage

    Avantic Lab Affected By Ransomware

    $40M+ Stolen from GMX Crypto Platform

    Bitcoin Depot Breach Exposes Data

    McDonald’s AI Hiring Bot Exposes Data

    Nippon Steel Solutions Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial