ETDA ThaiCERT

Threat Group Cards: A Threat Actor Encyclopedia

APT group: RedCurl

Names: RedCurl (Group-IB)
Country: [Unknown]
Motivation: Information theft and espionage
First seen: 2018
Description: (ZDNet) Security researchers have uncovered a new Russian-speaking hacking group that they claim has been focusing on the past three years on corporate espionage, targeting companies across the world to steal documents that contain commercial secrets and employee personal data.

Named RedCurl, the activities of this new group have been detailed in a 57-page report released today by cyber-security firm Group-IB.

The company has been tracking the group since the summer of 2019 when it was first called to investigate a security breach at a company hacked by the group.

Since then, Group-IB said it identified 26 other RedCurl attacks, carried out against 14 organizations, going as far back as 2018.
Observed:
Sectors: Construction, Financial, Retail and travel agencies and law and consulting firms.
Countries: Canada, Germany, Norway, Russia, UK, Ukraine.
Tools used: LaZagne.
Information:
<https://www.zdnet.com/article/redcurl-cybercrime-group-has-hacked-companies-for-three-years/>
<https://www.group-ib.com/resources/threat-research/red-curl.html>

Last change to this card: 14 August 2020


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
