Researchers have uncovered a decade-long botnet operation by a Romanian group dubbed RUBYCARP. This group focuses on financial gain through cryptomining, phishing, and DDoS attacks, utilizing public exploits and brute force for deployment.
Pinpointing their exact origin is challenging, yet it's probable they're Romanian and might share connections with the "Outlaw APT" collective and others who use the Perl Shellbot. This group distinguishes itself by not only engaging in cyberattacks but also in creating and marketing cyberweapons, a relatively rare endeavor. They possess an extensive collection of self-developed tools, offering them a wide range of options in their cyber operations.
The way these cyber adversaries communicate has largely remained the same over the years, with IRC continuing to be a favored channel. RUBYCARP is also notable for its community-oriented approach, providing guidance to newcomers in the cybercrime world. This mentorship has its perks, allowing them to market their arsenal of tools to these novices.
RUBYCARP's strategy includes targeting known security flaws and employing brute force attacks. However, their arsenal of post-exploitation tools and the wide scope of their attack capabilities, including phishing, make them particularly formidable.