RedCurl cybercrime group discovered

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

A new cybercrime group nicknamed RedCurl has been discovered after over two years of operation, during which it attacked at least 14 organizations in over 26 attacks. The group is known to have attacked companies in at least six countries, including Norway, with banks, insurance and financial companies among the industries it went after. The group was discovered by Group-IB, a global threat hunting and intelligence company headquartered in Singapore, which released a 57-page report on it.

The group's modus operandi did not involve advanced tools but rather relied on handcrafted phishing emails, PowerShell and time to successfully carry out its attacks.

According to the Group-IB report, “The attackers posed as members of the HR team at the targeted organization and sent out emails to multiple employees at once, which made the employees less vigilant, especially considering that many of them worked in the same department”. The attackers also used the company's logos and signature lines and spoofed the company's own domain, making it very difficult to spot that the emails were not legitimate.

Top 5 Security News