RedCurl corporate espionage hackers resume attacks with updated tools (Security News, November 2021)
A crew of highly skilled hackers specializing in corporate espionage has resumed activity; one of its victims this year was a large wholesale company in Russia.
Active since 2018, RedCurl is responsible for at least 30 attacks against businesses in Russia, Ukraine, Canada, Norway, the UK, and Germany, the latest four of them occurring this year.
Researchers at cybersecurity company Group-IB noticed a seven-month gap in RedCurl's activity, which the hackers used to add significant improvements to their set of custom tools and attack methods.
During the investigation, Group-IB found that RedCurl had extended its attack chain to five stages, up from the three or four previously observed.
The researchers note that RedCurl has shifted from its typical use of batch and PowerShell scripts to executable files, and that antivirus software detected neither the initial infection nor the attackers' lateral movement across the victim's network.
One explanation is that the group had little time to start the attack and could not properly test their tools.