Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

RedCurl: The Awakening
← Research Hub

RedCurl: The Awakening

Commercial cyber espionage remains a rare and largely unique phenomenon. We cannot rule out, however, that RedCurl’s success could lead to a new trend in the cybercrime arena.
Download report

In this report:

TTPs

Discover the group’s new and updated tools as well as its tactics and infrastructure characteristics mapped to the MITRE ATT&CK® matrix

Kill Chain

Gain insights into a detailed kill chain of the latest attack based on incident response activities and unique data from Group-IB Threat Intelligence & Attribution

IoCs and recommendations

Learn indicators of compromise and a set of mitigations to secure your organization against RedCurl attacks

About the report:

Last year, Group-IB specialists discovered a new Russian-speaking hacker group that they named RedCurl. Between 2018 and 2020, the group carried out 26 attacks for the purposes of corporate espionage and documentation theft. Group-IB identified 14 victim organizations across various industries. Seven months later, in 2021, the attacks resumed. Group-IB’s most recent report details how the adversary’s tactics and tools have changed and reveals the group’s new victims.

About RedCurl

GoalGoal

Corporate espionage and documentation theft

ActiveActive

Since 2018

Attack totalAttack total

30, including 4 attacks since the start of 2021

Dwell time in the victim’s infrastructureDwell time in the victim’s infrastructure

2–6 months

VictimsVictims

15

Relevant reports

We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields:

Conti Armada: The ARMattack Campaign
Threat Research
Conti Armada: The ARMattack Campaign
Take a deep dive into “ARMattack”, one of the shortest yet most successful campaigns...
Learn more
OldGremlin Ransomware: Never Ever Feed Them after The Locknight
Threat Research
OldGremlin Ransomware: Never Ever Feed Them after The Locknight
The case of OldGremlin illustrates how the ransomware industry has evolved in recent years....
Learn more
Ransomware Uncovered 2021/2022
Threat Research
Ransomware Uncovered 2021/2022
The well-known complete guide to the latest tactics, techniques, and procedures of ransomware operators...
Learn more