New Russian RedCurl attacks detailed

Commercial cyberespionage attacks against a major Russian bank and an Australian firm have been conducted this year by the Russian hacking operation RedCurl, reports The Record, a news site run by cybersecurity firm Recorded Future. After failing to compromise the Russian bank through phishing emails last November, RedCurl infiltrated one of the bank's contractors in May and used the RedCurl.SimpleDownloader tool to reach the bank's infrastructure, according to a report from F.A.C.C.T., the Russian offshoot of Group-IB. The threat actors then used a modified version of the tool, with improved evasion of detection, against the Australian company last month, the researchers said. RedCurl, which has mostly targeted Russian organizations since its emergence in 2018, was also noted to have remained undetected for up to six months before beginning to exfiltrate corporate data. "RedCurl remains one of the most interesting Russian-language cybercrime groups, especially the uncommon targeting of both Russian and non-Russian entities," said Russian cybersecurity analyst Ian Litschko in a tweet.