RedCurl Corporate Espionage Hackers Return With Updated Hacking Tools

A corporate cyber-espionage hacker group has resurfaced after a
seven-month hiatus with new intrusions targeting four companies
this year, including one of the largest wholesale stores in Russia,
while simultaneously making tactical improvements to its toolset in
an attempt to thwart analysis.

“In every attack, the threat actor demonstrates extensive red
teaming skills and the ability to bypass traditional antivirus
detection using their own custom malware,” Group-IB’s Ivan Pisarev
said[1].


Active since at least November 2018, the Russian-speaking
RedCurl hacking group[2]
has been linked to 30 attacks to date with the goal of corporate
cyber espionage and document theft aimed at 14 organizations
spanning construction, finance, consulting, retail, insurance, and
legal sectors and located in the U.K., Germany, Canada, Norway,
Russia, and Ukraine.

The threat actor uses an array of established hacking tools to
infiltrate its targets and steal internal corporate documentation,
such as staff records, court and legal files, and enterprise email
history, with the collective spending anywhere from two to six
months between initial infection and the actual theft of data.

RedCurl’s modus operandi marks a departure from other
adversaries, not least because it neither deploys backdoors nor relies
on post-exploitation tools like CobaltStrike and Meterpreter, both
of which are typical means of remotely controlling
compromised devices. What’s more, despite maintaining entrenched
access, the group hasn’t been observed conducting attacks that are
motivated by financial gain, whether by encrypting victim
infrastructure or by demanding ransoms for stolen data.


Rather, the emphasis appears to be on obtaining valuable
information as covertly as possible, using a combination of
self-developed and publicly available programs to gain initial
access through social engineering, perform reconnaissance,
achieve persistence, move laterally, and exfiltrate sensitive
documentation.

“Espionage in cyberspace is a hallmark of state-sponsored
advanced persistent threats,” the researchers said. “In most cases,
such attacks target other states or state-owned companies.
Corporate cyber espionage is still a relatively rare and, in many
ways, unique occurrence. However, it is possible that the group’s
success could lead to a new trend in cybercrime.”

References

  1. said (www.group-ib.com)
  2. RedCurl hacking group (www.group-ib.com)
