The RedCurl advanced persistent threat (APT) group has been stealing sensitive corporate documents since 2018, according to researchers at Group-IB. The group targets organizations in North America and Europe and steals contracts, financial documents, employee personal records, legal records, and construction documents.
- RedCurl has been able to fly under the radar by using unique tools and tactics that resemble red team activity, which tests a company's cyber defenses.
- RedCurl uses a well-crafted phishing email to gain access to an organization's network.
- So far, RedCurl has conducted 26 attacks and breached 14 companies in Canada, the U.K., Norway, Germany, Ukraine, and Russia.
- Group-IB noted that corporate espionage, which has been rare, is on the rise.