API security

Windows tool helps RedCurl obscure cyberespionage attacks

Encryption your data. Digital Lock. Hacker attack and data breach. Big data with encrypted computer code. Safe your data. Cyber internet security and privacy concept. Database storage 3d illustration

Cyberespionage operations by Russian hacking group RedCurl, also known as Red Wolf and Earth Kapre, have been concealed with the exploitation of the Windows Program Compatibility Assistant tool, which was initially intended for managing compatibility concerns with older programs, according to The Hacker News.

Malicious .ISO and .IMG attachments within phishing emails delivered by RedCurl trigger a multi-stage attack that runs an executable to enable curl utility downloading and loader delivery, a report from Trend Micro showed. Windows PCA is then leveraged by the loader to facilitate another downloader process of the attack, which also involved Impacket exploitation for unauthorized command execution. The findings indicate RedCurl's continuous efforts to obfuscate malicious operations, researchers said. "This case underscores the ongoing and active threat posed by Earth Kapre, a threat actor that targets a diverse range of industries across multiple countries," added researchers. Such a report follows a Lab52 study revealing Russian state-sponsored threat operation Turla's utilization of the novel Pelmeni wrapper DLL for Kazuar malware distribution.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.