[TheRecord] RedCurl hacking group returns with new attacks

Even after its operations were publicly exposed in August 2020, the RedCurl hacking group has continued to carry out new intrusions and has breached at least four companies this year, according to a new report from security firm Group-IB.

Targets hacked this year included two companies based in Russia, along with two others that Group-IB researchers said they couldn’t identify.

All in all, the group has now been linked to at least 30 intrusions since 2018, when it began operating, with victims located in the UK, Germany, Canada, Norway, Russia, and Ukraine.

Group-IB, which previously detailed the group’s modus operandi in a report last year, said RedCurl consists of Russian-speaking members who have primarily engaged in corporate espionage, targeting companies across the world to steal documents that contain commercial secrets and employee personal data.

Along with the new attacks, Group-IB’s latest report also notes that RedCurl operators have changed little in their tactics, apart from a few updates to the tools they used during intrusions.

However, researchers did find one interesting tidbit in one of their investigations: RedCurl operators had changed the time on a compromised system to UTC+3, the time zone of Minsk, Moscow, Turkey and many countries in the Middle East, where hacking groups have often been found to operate.

Image: Group-IB

The post RedCurl hacking group returns with new attacks appeared first on The Record by Recorded Future.
