Wizards of Cyber: Spellbinder Casts a Dark Cybersecurity Spell

ESET has uncovered Spellbinder, a tool by TheWizards, a China-linked group. They use it for AitM attacks, redirecting software updates to spread their WizardNet backdoor. Through clever network trickery and fake DNS responses, Spellbinder has a knack for causing mischief while making software updates look like a magic show gone wrong.

Hot Take:

Looks like TheWizards have traded in their pointy hats for cyber hoods! Their magical new tool, Spellbinder, is casting spells on network traffic and pulling an epic disappearing act on legitimate software updates. Watch out, because these hackers are turning trusted update processes into their own personal playground! If only the sorcerers of cybersecurity could just Wingardium Leviosa these threats away.

Key Points:

  • TheWizards, a China-linked cyber espionage group, uses Spellbinder for adversary-in-the-middle (AitM) attacks.
  • Spellbinder manipulates network traffic to deliver the WizardNet backdoor via fake software updates.
  • Spellbinder employs advanced IPv6 SLAAC spoofing and DNS hijacking techniques.
  • TheWizards target various regions, notably the Philippines, Cambodia, UAE, and China.
  • Connections have been drawn between TheWizards and the Chinese company UPSEC.
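A defender-side check, added here as an example (not code from ESET, this site, or the tool described): it parses an ICMPv6 Router Advertisement and flags RDNSS servers or prefixes that are not on an allowlist, since rogue RAs are the vehicle for SLAAC spoofing and DNS redirection on a LAN (standard IPv6 behaviour per RFC 4861 and RFC 8106, not a detail this summary states). The allowlist and the packets are constructed sample data.

```python
"""Flag IPv6 Router Advertisements carrying untrusted RDNSS servers or prefixes.
Option layout follows RFC 4861 (RA, Prefix Information) and RFC 8106 (RDNSS).
All addresses and packets below are constructed for this example."""
import ipaddress
import struct

RDNSS = 25       # RFC 8106 Recursive DNS Server option
PREFIX_INFO = 3  # RFC 4861 Prefix Information option

def parse_ra(payload: bytes) -> dict:
    """Parse an RA payload (16-byte header + TLV options) into DNS servers and prefixes."""
    if len(payload) < 16 or payload[0] != 134:
        raise ValueError("not a Router Advertisement")
    dns, prefixes = [], []
    off = 16
    while off + 2 <= len(payload):
        otype, olen = payload[off], payload[off + 1] * 8  # length is in 8-byte units
        if olen == 0 or off + olen > len(payload):
            raise ValueError("malformed option")  # zero-length options violate RFC 4861
        body = payload[off + 2: off + olen]
        if otype == RDNSS:  # reserved(2) lifetime(4) then 16-byte addresses
            for i in range(6, len(body) - 15, 16):
                dns.append(str(ipaddress.IPv6Address(body[i:i + 16])))
        elif otype == PREFIX_INFO:  # plen(1) flags(1) valid(4) pref(4) rsvd(4) prefix(16)
            prefixes.append(f"{ipaddress.IPv6Address(body[14:30])}/{body[0]}")
        off += olen
    return {"dns": dns, "prefixes": prefixes}

def check_ra(payload: bytes, trusted_dns: set, trusted_prefixes: set) -> list:
    """Return findings for anything not on the allowlist; an empty list means clean."""
    ra = parse_ra(payload)
    findings = [f"untrusted RDNSS server {d}" for d in ra["dns"] if d not in trusted_dns]
    findings += [f"untrusted prefix {p}" for p in ra["prefixes"] if p not in trusted_prefixes]
    return findings

def build_ra(dns=(), prefix=None) -> bytes:
    """Build a minimal RA payload as constructed test data (checksum left zero)."""
    pkt = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)
    if prefix:
        net = ipaddress.IPv6Network(prefix)
        pkt += struct.pack("!BBBBIII", PREFIX_INFO, 4, net.prefixlen, 0xC0,
                           2592000, 604800, 0) + net.network_address.packed
    if dns:
        pkt += struct.pack("!BBHI", RDNSS, 1 + 2 * len(dns), 0, 1800)
        pkt += b"".join(ipaddress.IPv6Address(d).packed for d in dns)
    return pkt

TRUSTED_DNS = {"2001:db8::53"}            # constructed: the legitimate resolver
TRUSTED_PREFIXES = {"2001:db8:1::/64"}    # constructed: the legitimate LAN prefix

if __name__ == "__main__":
    rogue = build_ra(dns=["2001:db8:bad::1"], prefix="2001:db8:1::/64")
    print(check_ra(rogue, TRUSTED_DNS, TRUSTED_PREFIXES))
```

Feeding it RAs captured at a sensor (e.g. from a pcap's ICMPv6 payloads) turns it into a simple rogue-RA alert; in production, also compare the sender's link-local address and MAC against the known router.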
