RedCurl: The Awakening
← Research Hub

RedCurl: The Awakening

Commercial cyber espionage remains a rare and largely unique phenomenon. We cannot rule out, however, that RedCurl’s success could lead to a new trend in the cybercrime arena.

In this report:


Discover the group’s new and updated tools as well as its tactics and infrastructure characteristics mapped to the MITRE ATT&CK® matrix

Kill Chain

Gain insights into a detailed kill chain of the latest attack based on incident response activities and unique data from Group-IB Threat Intelligence & Attribution

IoCs and recommendations

Learn indicators of compromise and a set of mitigations to secure your organization against RedCurl attacks

About the report:

Last year, Group-IB specialists discovered a new Russian-speaking hacker group that they named RedCurl. Between 2018 and 2020, the group carried out 26 attacks for the purposes of corporate espionage and documentation theft. Group-IB identified 14 victim organizations across various industries. Seven months later, in 2021, the attacks resumed. Group-IB’s most recent report details how the adversary’s tactics and tools have changed and reveals the group’s new victims.

About RedCurl


Corporate espionage and documentation theft


Since 2018

Attack totalAttack total

30, including 4 attacks since the start of 2021

Dwell time in the victim’s infrastructureDwell time in the victim’s infrastructure

2–6 months