Corporate espionage hackers RedCurl return after hiatus with improved tools

Nov 18, 2021 | CYBERSCOOP

A corporate espionage organization known as RedCurl that made waves before disappearing last year has resurfaced with a fresh batch of attacks and sharpened tools for the task, researchers at cybersecurity firm Group-IB said Thursday.

The group’s four known attacks since the beginning of 2021 include one against one of Russia’s largest wholesalers, which provides home, leisure and office goods, Group-IB found. Overall, the company concluded that RedCurl has been behind more than 30 attacks during a three-year span.

RedCurl’s tactical improvements after a seven-month absence include upgrades to most of its tools, such as more effective data encryption for its malware.

“Corporate cyber espionage is still a relatively rare and, in many ways, unique occurrence,” Group-IB’s report reads. “However, it is possible that the group’s success could lead to a new trend in cybercrime.”

Despite the rarity of corporate cyber espionage, Group-IB’s report on the RedCurl revival is the second tranche of research about such groups to be published this month alone. Trend Micro recently revealed an espionage outfit it named Void Balaur, which advertises its services under the name “Rockethack.”

Notably, both groups are Russian-speaking and have targeted victims
