RedCurl corporate espionage hackers resume attacks with updated tools (Security News, November 2021)
A crew of highly-skilled hackers specialized in corporate espionage has resumed activity, one of their victims this year being a large wholesale company in Russia.
Active since 2018, RedCurl is responsible for at least 30 attacks against businesses in Russia, Ukraine, Canada, Norway, the UK, and Germany, the latest four of them occurring this year.
Researchers at cybersecurity company Group-IB noticed a seven-month gap in RedCurl's activity, which the hackers used to add significant improvements to their set of custom tools and attack methods.
During the investigation, Group-IB found that RedCurl had extended its attack chain to five stages, up from the three or four steps observed previously.
The researchers note that RedCurl has shifted from its usual batch and PowerShell scripts to executable files, and that antivirus software failed to detect either the initial infection or the attackers' lateral movement across the victim's network.
One explanation is that the group had little time to start the attack and could not properly test their tools.