April 12, 2024 at 11:36AM
The Sysdig Threat Research Team has discovered a longstanding Romanian cybercriminal group named RubyCarp, which has operated discreetly for at least a decade. The group’s distinct activities and tool suite have been unveiled, shedding light on its cryptomining and credential phishing focus. Despite the group’s low profile, Sysdig has obtained access to it, which raises the question of how it has remained undetected for so long.
From the meeting notes, here are the key takeaways:
1. The Sysdig Threat Research Team has discovered a Romanian cybercriminal group known as RubyCarp, which has been operating for at least ten years. This longevity raises questions about how such a group managed to remain undetected for so long.
2. While RubyCarp’s activities may not have gone completely unnoticed, its methodologies and tools shared similarities with those of other criminal groups, which made attribution difficult. Sysdig’s in-depth investigation has now confirmed RubyCarp as a distinct cybercriminal entity.
3. RubyCarp maintains a low profile and focuses on activities like cryptomining and credential phishing to generate income. The group’s community revolves around a small core, and members communicate through public and private IRC channels.
4. Sysdig has uncovered the group’s proprietary tools, leading to a better understanding of its activities. The discovery of these tools is a key factor in identifying RubyCarp as a specific criminal group.
5. The primary developer of RubyCarp is believed to use the username ‘dog’ and is associated with the University of Chemical Technology and Metallurgy in Bulgaria.
6. The use of both Romanian and English in the group’s communications is the primary indication of its Romanian origin.
7. Surprisingly, Sysdig still had access to RubyCarp at the time of writing, which may indicate that the group pays little attention to operational security.
8. Sysdig is preparing to publish an analysis of RubyCarp’s tools, and it remains to be seen how the group will react to this exposure. Additionally, it is unknown how many similar criminal groups around the world are operating unnoticed due to maintaining a low profile.
These takeaways provide a clear understanding of the situation and serve as valuable insights for further action and analysis.