Curly COMrades Exploit Hyper-V for Covert Cyberespionage
First seen 23 Nov 2025, 03:35 UTC
•
•100% similarity
•37
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
The Russian APT group Curly COMrades is exploiting Microsoft's Hyper-V to create hidden Alpine Linux-based virtual machines on compromised Windows 10 systems. This tactic allows them to evade endpoint security measures and maintain persistent access to victim networks, utilizing custom malware tools like CurlyShell and CurlCat. The investigation was conducted by Bitdefender in collaboration with the Georgian CERT.
ThreatCluster AI