Huntress Identifies RedCurl Cyberespionage Activities in Canada
🦊 Huntress uncovers RedCurl cyberespionage activities in Canada. In mid-to-late 2024, Huntress identified activity linked to the APT group RedCurl, known for stealthy cyberespionage against a range of industries, including finance and retail. The investigation revealed the use of scheduled tasks and PowerShell scripts to execute malicious binaries and exfiltrate data to cloud storage. Notably, RedCurl employed unusual techniques, such as using the Windows Program Compatibility Assistant (pcalua.exe) for indirect command execution, which makes detection harder. The report stresses the importance of monitoring for anomalous behaviour and highlights RedCurl's evolving tradecraft, which the group continues to adapt to evade detection.
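As an added illustration (not code from the Huntress report), the following Python flags process-creation events that match the behaviours the summary names: pcalua.exe used as a launcher via its -a switch or spawning a script host, and the task scheduler starting PowerShell with window-hiding or policy-bypass flags. The event tuple format, rule names and sample events are constructed for this example.

```python
import re
from typing import Iterable

# Constructed sample process-creation events: (parent image, image, command line).
SAMPLE_EVENTS = [
    ("explorer.exe", "notepad.exe", "notepad.exe report.txt"),
    # Program Compatibility Assistant launching a batch file indirectly.
    ("svchost.exe", "pcalua.exe", r"pcalua.exe -a C:\Users\Public\update.bat"),
    ("pcalua.exe", "cmd.exe", r"cmd.exe /c C:\Users\Public\update.bat"),
    # Task scheduler launching PowerShell with hidden window / bypass flags.
    ("svchost.exe", "powershell.exe",
     r"powershell.exe -nop -w hidden -File C:\ProgramData\sync.ps1"),
    ("taskeng.exe", "powershell.exe",
     r"powershell.exe -ep bypass -File C:\ProgramData\sync.ps1"),
]

SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
# taskeng.exe on older Windows; on current builds the Schedule service runs inside
# svchost.exe, so a real rule would also check the hosting service name.
TASK_PARENTS = {"taskeng.exe", "svchost.exe"}
HIDDEN_FLAGS = re.compile(
    r"-(?:w(?:indowstyle)?\s+hidden|nop\b|noprofile\b|ep\s+bypass"
    r"|executionpolicy\s+bypass|e(?:nc(?:odedcommand)?)?\s)", re.I)


def classify(parent: str, image: str, cmdline: str) -> list[str]:
    """Return the names of every rule the event matches (empty list = benign)."""
    parent, image = parent.lower(), image.lower()
    hits = []
    # Rule 1: pcalua.exe invoked with -a <target>, i.e. as a proxy launcher.
    if image == "pcalua.exe" and re.search(r"\s-a\s", cmdline, re.I):
        hits.append("pcalua_indirect_exec")
    # Rule 2: a script host whose parent is pcalua.exe; the compatibility
    # assistant has no routine reason to spawn cmd or PowerShell.
    if parent == "pcalua.exe" and image in SCRIPT_HOSTS:
        hits.append("pcalua_child_script_host")
    # Rule 3: PowerShell started by the task scheduler with flags that hide the
    # window, skip the profile, bypass execution policy or pass encoded commands.
    if (parent in TASK_PARENTS and image in {"powershell.exe", "pwsh.exe"}
            and HIDDEN_FLAGS.search(cmdline)):
        hits.append("task_spawned_hidden_powershell")
    return hits


def scan(events: Iterable[tuple[str, str, str]]) -> list[tuple[str, str]]:
    """Run every event through classify and return (rule, cmdline) findings."""
    return [(rule, cmd) for parent, image, cmd in events
            for rule in classify(parent, image, cmd)]


if __name__ == "__main__":
    for rule, cmd in scan(SAMPLE_EVENTS):
        print(f"[{rule}] {cmd}")
```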
