Curly COMrades Exploit Hyper-V for Covert Malware Operations

Curly COMrades Exploit Hyper-V for Covert Malware Operations

First seen 2 Dec 2025, 18:33 UTC BleepingcomputerBitdefenderTheregisterSecuritybriefCsoonline 82% similarity 8.3

Article Content

Browse articles
ThreatCluster

The Russian hacker group Curly COMrades is utilizing Microsoft Hyper-V to create hidden Alpine Linux-based virtual machines on compromised Windows systems, allowing them to bypass endpoint detection and maintain persistent access. Their operations include deploying custom malware tools such as the CurlyShell reverse shell and CurlCat reverse proxy. This activity has been linked to cyber-espionage efforts supported by Russian interests since mid-2024.

ThreatCluster AI

Community

Browse all →