A recent research study has shed light on the decade-long activities of a Romanian cyber threat group known as RUBYCARP, which uses techniques such as cryptocurrency mining and phishing.
One of the key findings from the technical write-up, published by Sysdig today, is the group's use of a script capable of simultaneously deploying multiple cryptocurrency miners.
By executing these miners concurrently, RUBYCARP reduces both the time required for the attack and the likelihood of detection.
Further evidence suggests that RUBYCARP also conducts phishing operations to steal valuable financial assets, including credit card numbers.
The researchers uncovered a phishing template targeting Danish users, impersonating the logistics company Bring.
Further analysis of the group's activities uncovered a variety of tools and techniques, including the use of specific commands within shell bot code to send phishing emails.
The researchers also found evidence of a potential phishing landing page targeting European entities, including Swish Bank and Nets Bank, among others.
The study also highlights RUBYCARP's involvement in the development and sale of cyber weapons.
According to the security experts, the way threat actors communicate has changed little over the years, and IRC remains highly popular.
The community dynamic within RUBYCARP is noteworthy, as it involves mentoring newcomers to the scene.
This mentoring also benefits the group financially, since it can later sell the toolset it has developed to those newcomers.
This Cyber News was published on www.infosecurity-magazine.com. Publication date: Tue, 09 Apr 2024 14:40:04 +0000