Sysdig Threat Research Team has uncovered a Romanian cybercriminal group it believes has been operational for at least ten years. The researchers have named the group RubyCarp.

This raises two immediate questions: why do they believe the group is Romanian, and how can a criminal group be undiscovered for ten years?

IRC channels provide the main indication that RubyCarp is Romanian. It’s not definitive proof on its own, but Romanian and English are the only two languages used by the community.

RubyCarp has its own botnet, its own tools, and its own community of users that concentrate on cryptomining and credential phishing.

Sysdig has also published a report on the subject.

sysdig.com/blog/rubycarp-roman

Whether the group will remain nonchalant when Sysdig starts to publish an analysis of its tools – already in preparation – remains to be seen.

But also unknown is the number of similar criminal gangs around the world who remain undetected – not through their own high security, but simply through being unnoticeable by maintaining a low profile.
