Cyber Resilience

RedCurl G1039 unknown

aka RedCurl

Last updated: 2026-07-03

0 attributed CVEs
60 ATT&CK techniques
0.0 IDF score (tooling uniqueness)
0 exclusive CVEs
years active

About this actor

[RedCurl](https://attack.mitre.org/groups/G1039) is a threat actor active since 2018 notable for corporate espionage targeting a variety of locations, including Ukraine, Canada and the United Kingdom, and a variety of industries, including but not limited to travel agencies, insurance companies, and banks. (Citation: group-ib_redcurl1) [RedCurl](https://attack.mitre.org/groups/G1039) is allegedly a Russian-speaking threat actor. (Citation: group-ib_redcurl1) (Citation: group-ib_redcurl2) The group’s operations typically start with spearphishing emails to gain initial access, then the group executes discovery and collection commands and scripts to find corporate data. The group concludes operations by exfiltrating files to the C2 servers.

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

| CVE | Risk | CVSS | EPSS | Published | Products |
| --- | --- | --- | --- | --- | --- |

No attributed CVEs.

Mitigating controls (NIST 800-53)

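| Control | Techniques covered | Coverage |
| --- | --- | --- |
| SI-4 | 44 / 60 | 73% |
| CM-6 | 37 / 60 | 62% |
| CM-2 | 35 / 60 | 58% |
| SI-3 | 30 / 60 | 50% |
| CA-7 | 29 / 60 | 48% |
| CM-7 | 27 / 60 | 45% |
| AC-3 | 22 / 60 | 37% |
| AC-4 | 22 / 60 | 37% |
| SC-7 | 22 / 60 | 37% |
| AC-6 | 20 / 60 | 33% |
| SI-7 | 20 / 60 | 33% |
| AC-2 | 19 / 60 | 32% |
| SI-10 | 14 / 60 | 23% |
| RA-5 | 13 / 60 | 22% |
| SI-2 | 13 / 60 | 22% |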

Co-occurring actors

None.
