Commercial espionage remains a rare phenomenon, but the success of this group can set a new trend.
The cybersecurity company Group-IB has discovered traces of new attacks by RedCurl hackers engaged in commercial espionage and theft of corporate documentation from companies from various industries. This time, the victim of the group was a Russian retailer, one of the top 20 largest online stores in Russia.
The company notes that it discovered a new Russian-speaking group last year, in the period from 2018 to 2020, it carried out 26 attacks, 14 victim organizations from different countries were identified. Among the hackers' targets are construction, financial, consulting companies, retailers, banks and insurance, legal organizations located in Russia, Ukraine, the UK, Germany, Canada, and Norway. In 2021, the attacks resumed.
According to experts, commercial espionage remains a rare phenomenon, but the success of this group can set a new trend. The company's specialists noted that since the beginning of 2021, 4 attacks have been recorded.
A feature of the group is the sending of phishing emails to different departments of the organization on behalf of the HR team. After a computer is infected, information about the victim's infrastructure begins to be collected on the organization's network; criminals are interested in the version and name of the infected system, the list of network and logical drives, and the list of passwords.
Experts note that the actions and methods of RedCurl are unique for Russian-speaking hackers, for example, from the moment of infection to data theft, it takes from 2 to 6 months. The group does not use standard means of remote control of compromised devices. Infection, attachment to an infected device, promotion on the network, and theft of documents are carried using self-written and several public tools.
The group does not encrypt the infrastructure of the victim company, does not withdraw money from accounts, and does not demand a ransom for stolen data. This may indicate that hackers are rewarded from other sources, and their goal is to secretly extract valuable information. According to the company, RedCurl is interested in business correspondence, personal files of employees, documentation on various legal entities, and court cases.