Bleepingcomputer
Curly COMrades Exploit Hyper-V for Covert Malware Operations
First seen 2 Dec 2025, 18:33 UTC
•



•82% similarity
•8.3
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
The Russian hacker group Curly COMrades is utilizing Microsoft Hyper-V to create hidden Alpine Linux-based virtual machines on compromised Windows systems, allowing them to bypass endpoint detection and maintain persistent access. Their operations include deploying custom malware tools such as the CurlyShell reverse shell and CurlCat reverse proxy. This activity has been linked to cyber-espionage efforts supported by Russian interests since mid-2024.
ThreatCluster AI