A corporate cyber-espionage hacker group has resurfaced after a seven-month hiatus with new intrusions targeting four companies this year, including one of the largest wholesale stores in Russia, while simultaneously making tactical improvements to its toolset in an attempt to thwart analysis.
“In every attack, the threat actor demonstrates extensive red teaming skills and the ability to bypass traditional antivirus detection using their own custom malware,” Group-IB’s Ivan Pisarev said.
Active since at least November 2018, the Russian-speaking RedCurl hacking group has been linked to 30 attacks to date with the goal of corporate cyber espionage and document theft aimed at 14 organizations spanning the construction, finance, consulting, retail, insurance, and legal sectors and located in the U.K., Germany, Canada, Norway, Russia, and Ukraine.
The threat actor uses an array of established hacking tools to infiltrate its targets and steal internal corporate documentation, such as staff records, court and legal files, and enterprise email history, with the collective spending anywhere from two to six months between initial infection and the time data actually gets stolen.
RedCurl’s modus operandi marks a departure from other adversaries, not least because it neither deploys backdoors nor relies on post-exploitation tools like CobaltStrike and Meterpreter, both of which are seen as typical methods to remotely control compromised devices. What’s more, despite maintaining entrenched access, the group hasn’t been observed conducting attacks that are motivated by financial gain and involve encrypting victim infrastructure, or demanding ransoms for stolen data.
Rather, the emphasis appears to be on obtaining valuable information as covertly as possible, using a mix of self-developed and publicly available programs to gain initial access through social engineering, perform reconnaissance, achieve persistence, move laterally, and exfiltrate sensitive documentation.
“Espionage in cyberspace is a hallmark of state-sponsored advanced persistent threats,” the researchers said. “Usually, such attacks target other states or state-owned companies. Corporate cyber espionage is still a relatively rare and, in many ways, unique occurrence. However, it is possible that the group’s success could lead to a new trend in cybercrime.”