Recent attacks on organizations in Moldova and Georgia suggest a Russian-backed threat actor, “Curly COMrades,” was behind long-term espionage campaigns. The group employs sophisticated techniques, including hijacking Windows scheduled tasks and using compromised websites for covert data exfiltration. #CurlyCOMrades #MucorAgent
Key points
- The threat actor targeted judicial, government, and energy organizations in Moldova and Georgia.
- They aim to maintain persistent access and steal credentials for long-term espionage.
- The group uses legitimate websites as relay points to hide malicious activities.
- Techniques include hijacking Windows scheduled tasks and deploying custom malware like MucorAgent.
- Their methods emphasize stealth, with limited exfiltration activities and use of open-source tools.
Read More: https://therecord.media/curly-threat-actor-targeting-moldova