The PolySwarm Blog

TheWizards Use Spellbinder to Conjure Lateral Movement

May 5, 2025 11:09:59 AM / by The Hivemind posted in Threat Bulletin, China, TheWizards, Spellbinder, WizardNet

Verticals Targeted: Gambling
Regions Targeted: Philippines, Cambodia, United Arab Emirates, China, Hong Kong
Related Families: WizardNet, DarkNights (DarkNimbus)

Executive Summary

TheWizards APT group leverages Spellbinder, a sophisticated lateral movement tool, to conduct adversary-in-the-middle (AitM) attacks, hijacking legitimate Chinese software updates to deploy the WizardNet backdoor. This activity targets gambling companies and individuals across Asia and the Middle East.
