A corporate cyber-espionage hacker group has resurfaced after a seven-month hiatus with new intrusions targeting four companies this year, including one of the largest wholesale stores in Russia, while simultaneously making tactical improvements to its toolset in an attempt to thwart analysis.
"In every attack, the threat actor demonstrates extensive red teaming skills and the ability to bypass traditional antivirus detection using their own custom malware," Group-IB's Ivan Pisarev said.
Active since at least November 2018, the Russian-speaking RedCurl hacking group has been linked to 30 attacks to date with the goal of corporate cyber espionage and document theft, aimed at 14 organizations spanning the construction, finance, consulting, retail, insurance, and legal sectors and located in the U.K., Germany, Canada, Norway, Russia, and Ukraine.
The threat actor uses an array of established hacking tools to infiltrate its targets and steal internal corporate documentation, such as staff records, court and legal files, and enterprise email history, with the collective spending anywhere from two to six months between initial infection and the point at which data is actually stolen.
RedCurl's modus operandi marks a departure from other adversaries, not least because it does not deploy backdoors nor rely on post-exploitation tools like Cobalt Strike and Meterpreter, both of which are typical methods of remotely controlling compromised devices. The practical consequence for defenders is that detections keyed to the network and host signatures of those well-known frameworks will not fire against this group's custom tooling. What's more, despite maintaining entrenched access, the group has not been observed conducting financially motivated attacks that involve encrypting victim infrastructure or demanding ransoms for stolen data.
Rather, the emphasis appears to be on obtaining valuable information as covertly as possible, using a combination of self-developed and publicly available programs to gain initial access through social engineering, perform reconnaissance, achieve persistence, move laterally, and exfiltrate sensitive documentation.
"Espionage in cyberspace is a hallmark of state-sponsored advanced persistent threats," the researchers said. "Generally, such attacks target other states or state-owned companies. Corporate cyber espionage is still a relatively rare and, in many ways, unique occurrence. However, it's possible that the group's success could lead to a new trend in cybercrime."