
RedCurl corporate espionage hackers resume attacks with updated tools
2021-11-18 11:32

A crew of highly skilled hackers specializing in corporate espionage has resumed activity; one of its victims this year was a large wholesale company in Russia.

Active since 2018, RedCurl is responsible for at least 30 attacks against businesses in Russia, Ukraine, Canada, Norway, the UK, and Germany, the latest four of them occurring this year.

Researchers at cybersecurity company Group-IB noticed a seven-month gap in RedCurl's activity, which the hackers used to make significant improvements to their set of custom tools and attack methods.

During the investigation, Group-IB found that RedCurl had extended its attack chain to five stages, up from the three or four stages observed previously.

The researchers note that RedCurl has shifted from its typical batch and PowerShell scripts to compiled executables, and that antivirus software failed to detect either the initial infection or the attackers' lateral movement across the victim's network.

One explanation is that the group had little time to start the attack and could not properly test their tools.


News URL

https://www.bleepingcomputer.com/news/security/redcurl-corporate-espionage-hackers-resume-attacks-with-updated-tools/