Tag: RedCurl Cybercrime Group

RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage

The Russian-speaking cybercrime group RedCurl is abusing the Program Compatibility Assistant (PCA), a legitimate Microsoft Windows component, to execute malicious commands. In an analysis released this month, Trend Micro stated that the Program Compatibility Assistant Service (pcalua.exe) is a Windows service intended to detect and resolve compatibility issues with outdated apps. By using this utility as an alternative command-line interpreter, adversaries can circumvent security measures and execute commands. The threat actor in this investigation uses the technique to mask its activity. RedCurl, also known as Earth Kapre and Red Wolf, is known to have been operating since at least 2018 and has been planning corporate cyber espionage attacks against ...