Decrypt LOL


Huntress Identifies RedCurl Cyberespionage Activities in Canada


🦊 Huntress uncovers RedCurl cyberespionage activities in Canada. In mid to late 2024, Huntress identified activity linked to the APT group RedCurl, known for stealthy cyberespionage against various industries, including finance and retail. The investigation revealed the use of scheduled tasks and PowerShell scripts to execute malicious binaries and exfiltrate data to cloud storage. Notably, RedCurl employed unique techniques, such as using the Windows Program Compatibility Assistant (pcalua.exe) for indirect command execution, which makes detection challenging. The report emphasizes the importance of monitoring for anomalous behaviors and highlights how RedCurl continues to adapt its methods to evade detection.
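One way to monitor for the pcalua.exe behaviour described above, as an added example that is not from the Huntress report or this newsletter: it flags process-creation events where pcalua.exe is started by the Task Scheduler or is asked to launch a program from a user-writable path. The Sysmon-style field names, the reliance on pcalua's `-a` switch, the path list and the sample events are all assumptions constructed for illustration.

```python
import ntpath
import re

# Assumed heuristics for this sketch; none of these values come from the report.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")
TARGET_RE = re.compile(r'\s-a\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)

# Constructed process-creation events using Sysmon Event ID 1 style field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\pcalua.exe",
     "CommandLine": r"pcalua.exe -a C:\Users\alice\AppData\Local\Example\updater.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "ParentCommandLine": r"C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule"},
    {"Image": r"C:\Windows\System32\pcalua.exe",
     "CommandLine": r'"C:\Windows\System32\pcalua.exe" -a "C:\Program Files\Vendor\setup.exe"',
     "ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe -a notes.txt",
     "ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": r"C:\Windows\explorer.exe"},
]

def pcalua_target(cmdline):
    """Return the program passed to pcalua.exe via -a (quoted or bare), or None."""
    m = TARGET_RE.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None

def from_task_scheduler(event):
    """True when the parent is the Schedule service host or legacy taskeng.exe."""
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    parent_cmd = event.get("ParentCommandLine", "").lower()
    return parent == "taskeng.exe" or (parent == "svchost.exe" and "-s schedule" in parent_cmd)

def triage(event):
    """Return the reasons a pcalua.exe launch looks anomalous (empty list if none)."""
    if ntpath.basename(event.get("Image", "")).lower() != "pcalua.exe":
        return []
    target = pcalua_target(event.get("CommandLine", ""))
    if target is None:
        return []
    reasons = []
    if from_task_scheduler(event):
        reasons.append("launched by Task Scheduler")
    if any(p in target.lower() for p in USER_WRITABLE):
        reasons.append("target in user-writable path")
    return reasons

def hunt(events):
    """Return (target, reasons) for every event with at least one reason."""
    return [(pcalua_target(e["CommandLine"]), triage(e)) for e in events if triage(e)]
```
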
