Bleepingcomputer
Curly COMrades Exploit Hyper-V for Covert Malware Operations
First seen 5 Nov 2025, 17:08 UTC
•


•81% similarity
•35.8
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
The Russian hacker group Curly COMrades is exploiting Microsoft Hyper-V on compromised Windows machines to create hidden Alpine Linux-based virtual machines. These virtual environments allow the group to bypass endpoint detection tools and maintain persistent access to victim networks, hosting custom malware such as the CurlyShell reverse shell and CurlCat reverse proxy.
ThreatCluster AI