RedCurl Espionage Hackers Returns with better-equipped tools

Share post:

RedCurl, a group of professional hackers specializing in corporate espionage, has returned with new, sophisticated tools.

The new activity was discovered by security researchers from cybersecurity firm Group-IB. According to researchers, the group needed seven months of inactivity to improve its tailored tools and attack methods.

Following a recent attack, researchers discovered that the number of steps the gang takes to carry out a supply chain attack has increased from three to four to five stages. To prevent their activities from being noticed, the hackers use a sophisticated decoy file from the organization to deceive users when they click on the malicious document.

The group is now using the ‘RedCurl.Extractor’ tool to prepare the final step of the attack, which involves persistence of the system.

Others are the RedCurl.InitialDropper, a tool that is used in the initial stages of infection to download batch or PowerShell scripts; RedCurl.Downloader (a new tool), an intermediary stage downloader that collects data about an infected system; RedCurl.Extractor; RedCurl.FSABIN; RedCurl.CHABIN1; RedCurl.CHABIN2.

For more information, read the original story in Bleeping Computer.


Related articles

Cyber Security Today, Week in Review for week ending Friday May 17, 2024

Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, May 17th,...

Cyber Security Today, May 17, 2024 – Malware hiding in Apache Tomcat servers

Malware hiding in Apache Tomcat servers, new backdoors found, and more Welcome to Cyber Security Today. It's Friday, May...

MIT students exploit blockchain vulnerability to steal 25 million dollars

Two MIT students have been implicated in a highly sophisticated cryptocurrency heist, where they reportedly exploited a vulnerability...

Cyber Security Today, May 15, 2024 – Ebury botnet still exploits Linux servers, Microsoft, SAP and Apple issue security updates

The Ebury botnet continues to exploit Linux servers, Microsoft, SAP and Apple issue security updates, and more. Welcome to...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways