RedCurl: The Pentest You Didn’t Know About


The APT group continues to successfully attack enterprise companies in North America, Europe, and CIS countries after remaining undetected for years. Their goal is carefully planned, targeted cyber espionage.

In this report:

- First description of the TTPs and infrastructure of the new threat actor
- Kill chain: a detailed kill chain based on unique incident response data
- Possible connections with the Red October and Cloud Atlas campaigns
For RedCurl it makes no difference whether it attacks a consulting company in Canada or a Russian bank, because the contents of the victim's documents and records can be much more valuable than the contents of their wallets: the consequences of espionage can amount to tens of millions of dollars, despite the absence of direct financial losses.

RedCurl implements various techniques to stay undetected for months. The lack of indicators and technical data about the group makes it easier for the threat actor to remain active. We continue to track new attacks worldwide and therefore included IoCs in the report, which organizations can use to check their networks for signs of RedCurl infections.

Rustam Mirkasymov
Head of Cyber Threat Research

Advanced protection against cyber threats

Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.