redext
RedExt is the name used in the provided content for Russian-speaking threat actors linked to a software supply chain campaign distributing the GlassWorm malware through malicious VSCode extensions on Open VSX. The campaign involved three new malicious extensions, downloaded more than 10,000 times, and used invisible Unicode obfuscation to evade Open VSX security defenses. The activity impacted at least sixty organizations in the U.S. and globally, with the victim count likely incomplete based on the exposed data source referenced in the content. The actors were described as leveraging the RedExt open-source command-and-control browser extension framework. No additional aliases or sub-groups are provided in the content beyond RedExt.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Recent activity
1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.