RedCurl Corporate Espionage Hackers Return With Updated Hacking Tools


A corporate cyber-espionage hacker group has resurfaced after a seven-month hiatus with new intrusions targeting four companies this year, including one of the largest wholesale stores in Russia, while also making tactical improvements to its toolset in an attempt to thwart analysis.

“In every attack, the threat actor demonstrates extensive red teaming skills and the ability to bypass traditional antivirus detection using their own custom malware,” Group-IB’s Ivan Pisarev said.


Active since at least November 2018, the Russian-speaking RedCurl hacking group has been linked to 30 attacks to date with the goal of corporate cyber espionage and document theft aimed at 14 organizations spanning construction, finance, consulting, retail, insurance, and legal sectors and located in the U.K., Germany, Canada, Norway, Russia, and Ukraine.

The threat actor uses an array of established hacking tools to infiltrate its targets and steal internal corporate documentation, such as staff records, court and legal files, and enterprise email history, with the collective spending anywhere from two to six months between initial infection and the moment data is actually stolen.

RedCurl’s modus operandi marks a departure from other adversaries, not least because it neither deploys backdoors nor relies on post-exploitation tools like Cobalt Strike and Meterpreter, both of which are typical means of remotely controlling compromised devices. What’s more, despite maintaining entrenched access, the group hasn’t been observed conducting financially motivated attacks: it has neither encrypted victim infrastructure nor demanded ransoms for stolen data.


Rather, the emphasis appears to be on obtaining valuable information as covertly as possible, using a combination of self-developed and publicly available programs to gain initial access through social engineering, perform reconnaissance, achieve persistence, move laterally, and exfiltrate sensitive documentation.

“Espionage in cyberspace is a hallmark of state-sponsored advanced persistent threats,” the researchers said. “In most cases, such attacks target other states or state-owned companies. Corporate cyber espionage is still a relatively rare and, in many ways, unique occurrence. However, it is possible that the group’s success could lead to a new trend in cybercrime.”
