The PolySwarm Blog

Verticals Targeted: Gambling
Regions Targeted: Philippines, Cambodia, United Arab Emirates, China, Hong Kong
Related Families: WizardNet, DarkNights (DarkNimbus)

Executive Summary

TheWizards APT group leverages Spellbinder, a sophisticated lateral movement tool, to conduct adversary-in-the-middle (AitM) attacks, hijacking legitimate Chinese software updates to deploy the WizardNet backdoor. This activity targets gambling companies and individuals across Asia and the Middle East.