ThreatCluster

Curly COMrades Exploit Hyper-V for Covert Cyberespionage

First seen 23 Nov 2025, 03:35 UTC Csoonline 100% similarity 37

Article Content

Browse articles
ThreatCluster

The Russian APT group Curly COMrades is exploiting Microsoft's Hyper-V to create hidden Alpine Linux-based virtual machines on compromised Windows 10 systems. This tactic allows them to evade endpoint security measures and maintain persistent access to victim networks, utilizing custom malware tools like CurlyShell and CurlCat. The investigation was conducted by Bitdefender in collaboration with the Georgian CERT.

ThreatCluster AI

Community

Browse all →