RedCurl, a group of professional hackers specializing in corporate espionage, has returned with new, sophisticated tools.
The new activity was discovered by security researchers from cybersecurity firm Group-IB. According to researchers, the group needed seven months of inactivity to improve its tailored tools and attack methods.
Following a recent attack, researchers discovered that the number of steps the gang takes to carry out a supply chain attack has increased from three to four to five stages. To prevent their activities from being noticed, the hackers use a sophisticated decoy file from the organization to deceive users when they click on the malicious document.
The group is now using the ‘RedCurl.Extractor’ tool to prepare the final step of the attack, which involves persistence of the system.
Others are the RedCurl.InitialDropper, a tool that is used in the initial stages of infection to download batch or PowerShell scripts; RedCurl.Downloader (a new tool), an intermediary stage downloader that collects data about an infected system; RedCurl.Extractor; RedCurl.FSABIN; RedCurl.CHABIN1; RedCurl.CHABIN2.
For more information, read the original story in Bleeping Computer.
