The EarthKapre (RedCurl) APT cyber-espionage group has targeted legal sector organizations with Indeed-themed phishing attacks.
Its latest intrusion chain included reconnaissance commands, deployment of the EarthKapre/RedCurl loader, and exfiltration of collected data.
State-sponsored cyber groups from China, North Korea, Iran, and Russia demonstrated enhanced offensive capabilities in 2024.
RedCurl (EarthKapre APT) conducted a sophisticated operation targeting organizations in the legal sector.
SOC Prime Platform offers Sigma rules to detect potential RedCurl APT attacks effectively.
Security professionals can use eSentire's Threat Response Unit analysis together with Uncoder AI to hunt for the published IOCs and improve detection coverage.
The latest RedCurl APT attack also made use of a legitimate Adobe executable, ADNotificationManager.exe, a living-off-the-land choice that lets the activity blend in with normal software.
The attack involved phishing emails with malicious PDFs leading to the deployment of the EarthKapre loader.
RedCurl/EarthKapre relies on legitimate tools rather than custom malware for much of the chain: SysInternals AD Explorer to collect Active Directory information and 7-Zip to archive the collected data before it is exfiltrated.
The analysis also covers the later stages of the attack, including the loader's string decryption functions and C2 infrastructure hosted behind Cloudflare, which the group uses to gather victim information.
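The tooling pattern above (AD Explorer snapshot, 7-Zip archiving, a legitimate Adobe binary running from an unexpected location) is the kind of behaviour a Sigma-style hunt would look for in process-creation telemetry. The following is an added example written for this page; it is not SOC Prime's Sigma content or eSentire's tooling. The events are constructed Sysmon Event ID 1 style records, the host names and paths are made up, the Adobe install path used for the exclusion is assumed, and the three rules are illustrative hunting heuristics (AD Explorer's -snapshot switch and 7-Zip's "a" add command as the indicators), not the vendor's rules.

```python
"""Hunt for the RedCurl/EarthKapre tooling pattern in process-creation logs.

Added example for this page; not SOC Prime's Sigma content or eSentire's tooling.
Events below are constructed Sysmon Event ID 1 style records, and the rules are
illustrative hunting heuristics (assumptions), not the vendor's rules.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Rule:
    """A minimal Sigma-like selection: Image suffix, CommandLine substring, path exclusions."""
    title: str
    image_endswith: tuple[str, ...]               # lower-case suffixes, any may match
    cmdline_contains: tuple[str, ...] = ()        # at least one must appear (if given)
    image_not_startswith: tuple[str, ...] = ()    # expected install paths to exclude


RULES = (
    Rule("AD Explorer snapshot of the domain",
         image_endswith=("\\adexplorer.exe", "\\adexplorer64.exe"),
         cmdline_contains=("-snapshot",)),
    Rule("7-Zip archiving data for staging",
         image_endswith=("\\7z.exe", "\\7za.exe"),
         cmdline_contains=(" a ",)),
    # Assumption: the legitimate binary normally lives under Program Files\Adobe.
    Rule("ADNotificationManager.exe running outside its Adobe install path",
         image_endswith=("\\adnotificationmanager.exe",),
         image_not_startswith=("c:\\program files\\adobe\\",
                               "c:\\program files (x86)\\adobe\\")),
)


def matches(rule: Rule, event: dict) -> bool:
    """Case-insensitive evaluation of one rule against one event, Sigma-style."""
    image = event.get("Image", "").lower()
    cmd = event.get("CommandLine", "").lower()
    if not image.endswith(rule.image_endswith):
        return False
    if rule.cmdline_contains and not any(s in cmd for s in rule.cmdline_contains):
        return False
    if rule.image_not_startswith and image.startswith(rule.image_not_startswith):
        return False
    return True


def hunt(events: list[dict]) -> list[dict]:
    """Return one hit per (rule, event) pair that matches."""
    return [{"title": r.title, "host": e["Computer"], "time": e["UtcTime"], "image": e["Image"]}
            for e in events for r in RULES if matches(r, e)]


def correlate(hits: list[dict], window: timedelta = timedelta(hours=1)) -> list[str]:
    """Hosts where an AD Explorer snapshot was followed by 7-Zip archiving inside `window`.

    A single 7-Zip run is noisy on its own; the collect-then-archive sequence on one host
    is the stronger signal, so the two hits are joined by host and time order.
    """
    snaps = [h for h in hits if h["title"].startswith("AD Explorer")]
    zips = [h for h in hits if h["title"].startswith("7-Zip")]
    return sorted({s["host"] for s in snaps for z in zips
                   if s["host"] == z["host"] and timedelta(0) <= z["time"] - s["time"] <= window})


T0 = datetime(2025, 2, 10, 9, 0, 0)
EVENTS = [  # constructed Sysmon EID 1 records, not real telemetry
    {"Computer": "WS-LEGAL-07", "UtcTime": T0,
     "Image": r"C:\Users\Public\ADExplorer.exe",
     "CommandLine": r'ADExplorer.exe -snapshot "" C:\Users\Public\ad.dat'},
    {"Computer": "WS-LEGAL-07", "UtcTime": T0 + timedelta(minutes=12),
     "Image": r"C:\Program Files\7-Zip\7z.exe",
     "CommandLine": r"7z.exe a -pSecret C:\Users\Public\out.7z C:\Users\Public\ad.dat"},
    {"Computer": "WS-LEGAL-07", "UtcTime": T0 - timedelta(minutes=30),
     "Image": r"C:\Users\Public\Temp\ADNotificationManager.exe",
     "CommandLine": r"C:\Users\Public\Temp\ADNotificationManager.exe"},
    {"Computer": "WS-FIN-02", "UtcTime": T0,  # benign: installed copy (path assumed)
     "Image": r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADNotificationManager.exe",
     "CommandLine": r'"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADNotificationManager.exe"'},
    {"Computer": "WS-FIN-02", "UtcTime": T0 + timedelta(hours=3),  # benign: archive, no snapshot
     "Image": r"C:\Program Files\7-Zip\7z.exe",
     "CommandLine": r"7z.exe a backup.7z C:\Users\alice\Documents"},
]


if __name__ == "__main__":
    hits = hunt(EVENTS)
    for h in hits:
        print(f"{h['time']:%H:%M} {h['host']:12} {h['title']}")
    print("hosts with snapshot followed by archiving:", correlate(hits))
```

Against the constructed events the individual rules fire four times (the installed Adobe copy on WS-FIN-02 is excluded by path), but only WS-LEGAL-07 shows the snapshot-then-archive sequence, which is the finding a hunter would escalate; the lone 7-Zip run on WS-FIN-02 stays a low-confidence hit.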