RedCurl Hackers Return
RedCurl Corporate Espionage Hackers Return With Updated Hacking Tools
A corporate cyber-espionage hacker group has resurfaced after a seven-month hiatus with new intrusions targeting four companies this year, including one of the largest wholesale stores in Russia, while simultaneously making tactical improvements to its toolset in an attempt to thwart analysis.
"In every attack, the threat actor demonstrates extensive red teaming skills and the ability to bypass traditional antivirus detection using their own custom malware," Group-IB's Ivan Pisarev said.
Active since at least November 2018, the Russian-speaking RedCurl hacking group has been linked to 30 attacks to date with the goal of corporate cyber espionage and document theft aimed at 14 organizations spanning construction, finance, consulting, retail, insurance, and legal sectors and located in the U.K., Germany, Canada, Norway, Russia, and Ukraine.