"A Deeper Insight Into the CloudWizard APT's Activity Revealed a Long-Running Activity"

In March 2023, researchers detected a previously unknown Advanced Persistent Threat (APT) group, Bad Magic, also known as Red Stinger, which targeted organizations in the region of the Russo-Ukrainian conflict. The attackers were seen using the PowerMagic and CommonMagic implants. While looking for other implants with similarities to PowerMagic and CommonMagic, the researchers discovered a different cluster of even more sophisticated malicious activity associated with the same threat actor. In addition to Donetsk, Lugansk, and Crimea, victims of this cluster were also located in central and western Ukraine. The APT group targeted individuals as well as diplomatic and research organizations in the conflict zone. In the most recent campaign discovered by researchers, the APT group used a modular framework dubbed CloudWizard that supports spyware capabilities such as capturing screenshots, recording microphone audio, harvesting Gmail inboxes, and keylogging. This article continues to discuss the CloudWizard APT targeting organizations involved in the region of the Russo-Ukrainian conflict.

Security Affairs reports "A Deeper Insight Into the CloudWizard APT's Activity Revealed a Long-Running Activity"

Submitted by Anonymous on