Group-IB has identified a group of hackers engaged in corporate espionage

The hacker group RedCurl hacked companies around the world and stole corporate documents. The damage from its activities can amount to tens of millions of dollars

Group-IB, a cybersecurity company, has uncovered a previously unknown hacker group that engaged in corporate espionage.

B Group-IB found that in total, the group carried out 26 attacks on companies from such sectors as construction, finance, retail, banks, insurance, tourism. The hackers targeted commercial organizations in Russia, the United Kingdom, Germany, Canada, Norway, and Ukraine.  The victims of the hackers were 14 organizations. At the same time, at least 10 companies were attacked in Russia.

The group allegedly consists of Russian-speaking hackers. Group-IB notes that RedCurl used a unique tool that allowed it to remain unnoticed for a long time for its victims.

The first known hacker attack occurred in May 2018. Hackers used phishing emails to access corporate information. Most often, employees of one Department of the victim company received an email allegedly from the HR Department, for example, about annual bonuses. The fake emails contained the company’s signature, logo, and fake domain name.

When opening bonus documents attached to emails, a Trojan was launched on the victim’s computer, which was controlled by RedCurl through legitimate cloud storage. Using them, as well as the PowerShell language in the development of Trojans, allowed hackers to remain unnoticed for a long time for traditional cyber defenses.

After that, hackers analyzed the contents of hard drives of users and stole information. First, they were interested in business correspondence, trade secret documents, personal data and passwords of employees.

At the same time, the launched Trojans continued to spread within the victim’s network, infecting more and more computers. Group-IB specialists found that the hackers stayed there from two months to six months. According to Rustam Mirkasymov, head of the Group-IB Dynamic Malware Analysis Department, despite the absence of direct financial damage, indirect losses of victim companies from RedCurl actions can amount to tens of millions of dollars.

Experts continue to record new attacks by the hacker group in different countries of the world.