EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • Pro-Russian group Curly COMrades used virtual machines to compromise systems
    • Home
    • Cybercrime
    • Pro-Russian group Curly COMrades used virtual machines to compromise systems

    Pro-Russian group Curly COMrades used virtual machines to compromise systems

    Written by
    The Editorial Team
    11.07.25
    Cybercrime
    01
    MIN
    Pro-Russian group Curly COMrades used virtual machines to compromise systems
    Pro-Russian group Curly COMrades used virtual machines to compromise systems
    Pro-Russian group Curly COMrades used virtual machines to compromise systems
    Image The National File of Bank Accounts Hacked: 1.2 Million Accounts Exposed
    Cybercrime
    02.19.26 Cybercrime
    Next article
    The National File of Bank Accounts Hacked: 1.2 Million Accounts Exposed
    Read
    01
    MIN
    Image Ransomware: Russian Phobos Affiliate Appears Before a French Court
    Cybercrime
    02.17.26 Cybercrime
    Next article
    Ransomware: Russian Phobos Affiliate Appears Before a French Court
    Read
    01
    MIN
    Image A cyberespionage operation compromised 37 governments worldwide
    Cybercrime
    02.06.26 Cybercrime
    Next article
    A cyberespionage operation compromised 37 governments worldwide
    Read
    02
    MIN
    Image Notepad++ hacked by cybercriminals likely affiliated with China
    Cybercrime
    02.03.26 Cybercrime
    Next article
    Notepad++ hacked by cybercriminals likely affiliated with China
    Read
    01
    MIN
    According to Bitdefender, this strategy allows attackers to evade detection tools.

    Cybersecurity company Bitdefender published a report on November 4, 2025, detailing the new modus operandi of Curly COMrades, a pro-Russian APT group targeting organizations in Eastern Europe, first identified in August 2025. Researchers documented a campaign exploiting Microsoft Hyper-V virtualization functionality on Windows systems.

    Curly COMrades took control of Hyper-V by disabling its management interface, allowing them to deploy a lightweight Linux Alpine virtual environment on the target machine. Within this environment, the attackers installed two malware tools, CurlyShell and CurlCat, enabling them to execute remote commands while remaining undetectable within network traffic.

    This strategy reportedly allowed Curly COMrades to evade “numerous detection tools.” Bitdefender researchers did not specify which organizations were targeted but indicated that they had collaborated with the Georgian CERT, which initially discovered a CurlCat sample on a network.

    The Editorial Team
    11.07.25
    Articles by the same author:
    1
    03.03.26 Cyber stability
    NATO Authorizes the Use of iPhones for Classified Data
    Read
    02
    MIN
    2
    02.19.26 Fraud
    Backdoor Identified on Android Tablets
    Read
    01
    MIN
    3
    02.19.26 Cybercrime
    Canada: Quebec School Service Centre Hit by Cyberattack
    Read
    01
    MIN
    4
    02.19.26 Cybersecurity
    Chinese Cyber-Espionage Group Exploits Critical 0-Day in Dell RecoverPoint
    Read
    02
    MIN
    Image The National File of Bank Accounts Hacked: 1.2 Million Accounts Exposed
    Cybercrime
    02.19.26 Cybercrime
    Next article
    The National File of Bank Accounts Hacked: 1.2 Million Accounts Exposed
    Read
    01
    MIN
    Image Ransomware: Russian Phobos Affiliate Appears Before a French Court
    Cybercrime
    02.17.26 Cybercrime
    Next article
    Ransomware: Russian Phobos Affiliate Appears Before a French Court
    Read
    01
    MIN
    Image A cyberespionage operation compromised 37 governments worldwide
    Cybercrime
    02.06.26 Cybercrime
    Next article
    A cyberespionage operation compromised 37 governments worldwide
    Read
    02
    MIN
    Image Notepad++ hacked by cybercriminals likely affiliated with China
    Cybercrime
    02.03.26 Cybercrime
    Next article
    Notepad++ hacked by cybercriminals likely affiliated with China
    Read
    01
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.