RedCurl: The security research firm Group-IB has identified a new Russian-speaking threat actor that has reportedly been carrying out attacks over the past three years. Focusing on corporate espionage, the group has been targeting companies all over the world, stealing documents that contain commercial secrets and employee data. Since the group was originally discovered in 2019, Group-IB has found a total of 26 separate attacks against 14 different organizations. Targets included construction companies, retailers, travel agencies, insurance companies, banks, and law firms. The group did not use complex tools or attack methods during its campaigns and instead relied on spear-phishing for initial access. However, the group did take time to personalize its phishing emails: they incorporated the target company's logo, and the sender's address contained the same domain name as the target company. The emails contained links to malicious files for the victims to download. Once the file had been downloaded, the victim's computer was infected with a collection of PowerShell-based trojans. The threat actor typically stayed active in a network for two to six months.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in