RedCurl

Description

(ZDNet) Security researchers have uncovered a new Russian-speaking hacking group that they claim has been focusing on the past three years on corporate espionage, targeting companies across the world to steal documents that contain commercial secrets and employee personal data.

Named RedCurl, the activities of this new group have been detailed in a 57-page report released today by cyber-security firm Group-IB.

The company has been tracking the group since the summer of 2019 when it was first called to investigate a security breach at a company hacked by the group.

Since then, Group-IB said it identified 26 other RedCurl attacks, carried out against 14 organizations, going as far back as 2018.

Names

Name	Name-Giver
RedCurl	Group-IB
Red Wolf	BI.ZONE
Earth Kapre	Trend Micro

Country

• Unknown

Motivation

• Information theft and espionage

First Seen

2018

Observed Sectors

• Construction
• Financial
• Retail
• travel agencies and law and consulting firms

Observed Countries

• Australia
• Canada
• Germany
• Mexico
• Norway
• Russia
• Spain
• UK
• Ukraine
• USA

Tools

• Impacket
• LaZagne

Operations

• 2021: RedCurl: The awakening https://www.group-ib.com/resources/threat-research/red-curl-2.html
• 2022-11: RedCurl hackers return to spy on ‘major Russian bank,’ Australian company https://therecord.media/redcurl-hackers-russian-bank-australian-company
• 2023: Hunting the hunter: BI.ZONE traces the footsteps of Red Wolf https://bi-zone.medium.com/hunting-the-hunter-bi-zone-traces-the-footsteps-of-red-wolf-3677783e164d
• 2023: Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence https://www.trendmicro.com/en_us/research/24/c/unveiling-earth-kapre-aka-redcurls-cyberespionage-tactics-with-t.html
• 2025-03: RedCurl’s Ransomware Debut: A Technical Deep Dive https://www.bitdefender.com/en-us/blog/businessinsights/redcurl-qwcrypt-ransomware-technical-deep-dive

Information

• https://www.zdnet.com/article/redcurl-cybercrime-group-has-hacked-companies-for-three-years/
• https://www.group-ib.com/resources/threat-research/red-curl.html
• https://www.esentire.com/blog/unraveling-the-many-stages-and-techniques-used-by-redcurl-earthkapre-apt

Other Information

Uuid

318f02e3-9165-43fb-b08b-fbf646f4dcf1

Last Card Change

2025-04-21