EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • Pro-Russian group Curly COMrades used virtual machines to compromise systems
    • Home
    • Cybercrime
    • Pro-Russian group Curly COMrades used virtual machines to compromise systems

    Pro-Russian group Curly COMrades used virtual machines to compromise systems

    Written by
    The Editorial Team
    11.07.25
    Cybercrime
    01
    MIN
    Pro-Russian group Curly COMrades used virtual machines to compromise systems
    Pro-Russian group Curly COMrades used virtual machines to compromise systems
    Pro-Russian group Curly COMrades used virtual machines to compromise systems
    Image According to the Five Eyes, Chinese spies are using job sites to recruit insiders
    Cybercrime
    06.08.26 Cybercrime
    Next article
    According to the Five Eyes, Chinese spies are using job sites to recruit insiders
    Read
    02
    MIN
    Image From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Cyber stability
    05.26.26 Cyber stability
    Next article
    From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Read
    05
    MIN
    Image France and the Netherlands lead the dismantling of First VPN, a service popular among cybercriminals
    Cybercrime
    05.25.26 Cybercrime
    Next article
    France and the Netherlands lead the dismantling of First VPN, a service popular among cybercriminals
    Read
    01
    MIN
    Image Arrest of Canadian man suspected of running the KimWolf botnet
    Cybercrime
    05.25.26 Cybercrime
    Next article
    Arrest of Canadian man suspected of running the KimWolf botnet
    Read
    01
    MIN
    According to Bitdefender, this strategy allows attackers to evade detection tools.

    Cybersecurity company Bitdefender published a report on November 4, 2025, detailing the new modus operandi of Curly COMrades, a pro-Russian APT group targeting organizations in Eastern Europe, first identified in August 2025. Researchers documented a campaign exploiting Microsoft Hyper-V virtualization functionality on Windows systems.

    Curly COMrades took control of Hyper-V by disabling its management interface, allowing them to deploy a lightweight Linux Alpine virtual environment on the target machine. Within this environment, the attackers installed two malware tools, CurlyShell and CurlCat, enabling them to execute remote commands while remaining undetectable within network traffic.

    This strategy reportedly allowed Curly COMrades to evade “numerous detection tools.” Bitdefender researchers did not specify which organizations were targeted but indicated that they had collaborated with the Georgian CERT, which initially discovered a CurlCat sample on a network.

    The Editorial Team
    11.07.25
    Articles by the same author:
    1
    06.15.26 Cyber +
    Meta removes facial recognition features from its smart glasses
    Read
    01
    MIN
    2
    06.14.26 Digital Sovereignty
    The new draft European regulation includes a four-level classification system, very close to provisions removed in 2024 from the EUCS certification.
    Read
    02
    MIN
    3
    06.14.26 Cybercrime
    A Cyberattack Forces a British Secondary School to Close
    Read
    01
    MIN
    4
    06.10.26 Cyber +
    Canada: Artificial Intelligence as a Pillar of Digital Sovereignty
    Read
    02
    MIN
    Image According to the Five Eyes, Chinese spies are using job sites to recruit insiders
    Cybercrime
    06.08.26 Cybercrime
    Next article
    According to the Five Eyes, Chinese spies are using job sites to recruit insiders
    Read
    02
    MIN
    Image From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Cyber stability
    05.26.26 Cyber stability
    Next article
    From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Read
    05
    MIN
    Image France and the Netherlands lead the dismantling of First VPN, a service popular among cybercriminals
    Cybercrime
    05.25.26 Cybercrime
    Next article
    France and the Netherlands lead the dismantling of First VPN, a service popular among cybercriminals
    Read
    01
    MIN
    Image Arrest of Canadian man suspected of running the KimWolf botnet
    Cybercrime
    05.25.26 Cybercrime
    Next article
    Arrest of Canadian man suspected of running the KimWolf botnet
    Read
    01
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.