TTPs
First description of TTPs and infrastructure of the new threat actor
Kill Chain
Detailed kill chain based on unique incident response data
Attribution
Possible connections with Red October and Cloud Atlas campaigns
For RedCurl it makes no difference whether it attacks a consulting company in Canada or a Russian bank, because the contents of the victim’s documents and records can be much more valuable than the contents of their own wallets: the consequences of espionage can amount to tens of millions of dollars, despite the lack of direct financial losses.
RedCurl implements various techniques to stay undetected for months. The lack of indicators and technical data about the group makes it easier for the threat actor to remain active. We continue to track new attacks worldwide and therefore included IoCs in the report, which organizations can use to check their networks for signs of RedCurl infections.
Rustam Mirkasymov
Head of Cyber Threat Research
Advanced protection against cyber threats
Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.