GOLD BLADE
Aliases
SUMMARY
GOLD BLADE is a financially motivated cybercriminal group, also known as RedCurl, Red Wolf, and Earth Kapre, that has conducted commercial espionage since 2018. The group is noted for using well-crafted and targeted phishing emails to attack victims. From late 2024 through early 2025, CTU researchers observed GOLD BLADE targeting human resources personnel with malicious documents purporting to be resumes or curriculum vitae from job applicants.
GOLD BLADE uses legitimately signed executables published by Adobe to side-load malicious payloads like RedLoader. RedLoader begins an infection chain that transmits information about the infected host to a remote C2 host and executes PowerShell scripts that gather information about the compromised Active Directory (AD) environment.
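
A defender-side heuristic for the side-loading step described above, as an added example that is not part of the original profile: it flags an Adobe-signed executable running outside standard install directories that loads an unsigned DLL from its own folder. The event schema, field names, signer strings, host names and file paths are constructed assumptions, not indicators from CTU research.

```python
from pathlib import PureWindowsPath

# Constructed sample image-load events. The schema is hypothetical (loosely
# modelled on EDR/Sysmon-style module-load telemetry); every host, path and
# file name is a placeholder, not an indicator from the profile.
EVENTS = [
    {"host": "hr-ws-01", "signer": "Adobe Inc.", "module_signed": True,
     "process": r"C:\Program Files\Adobe\Reader\reader_placeholder.exe",
     "module": r"C:\Program Files\Adobe\Reader\plugin_placeholder.dll"},
    {"host": "hr-ws-02", "signer": "Adobe Inc.", "module_signed": False,
     "process": r"C:\Users\recruiter\Downloads\cv\reader_placeholder.exe",
     "module": r"C:\Users\recruiter\Downloads\cv\loader_placeholder.dll"},
    {"host": "hr-ws-03", "signer": "Adobe Inc.", "module_signed": True,
     "process": r"C:\Users\recruiter\Downloads\tools\reader_placeholder.exe",
     "module": r"C:\Windows\System32\kernel32.dll"},
    {"host": "hr-ws-04", "signer": "Example Corp", "module_signed": False,
     "process": r"C:\Users\recruiter\AppData\Local\app\app_placeholder.exe",
     "module": r"C:\Users\recruiter\AppData\Local\app\helper_placeholder.dll"},
]

# Directories where a vendor-installed binary is expected to live.
TRUSTED_ROOTS = (r"c:\program files", r"c:\program files (x86)", r"c:\windows")


def in_trusted_root(path: str) -> bool:
    lowered = path.lower()
    return any(lowered.startswith(root + "\\") for root in TRUSTED_ROOTS)


def is_sideload_candidate(event: dict) -> bool:
    """Adobe-signed host process, run from a non-standard location, loading an
    unsigned DLL that sits in the same directory as the executable."""
    process = PureWindowsPath(event["process"])
    module = PureWindowsPath(event["module"])
    return (
        "adobe" in event["signer"].lower()
        and not in_trusted_root(event["process"])
        and not event["module_signed"]
        and module.parent == process.parent  # Windows paths compare case-insensitively
    )


def find_sideload_candidates(events: list) -> list:
    return [e["host"] for e in events if is_sideload_candidate(e)]


if __name__ == "__main__":
    print(find_sideload_candidates(EVENTS))
```

Hits from a rule like this are worth correlating with PowerShell activity that enumerates Active Directory from the same host shortly afterwards, since the profile describes that as the next stage.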