The threat actor Curly COMrades has been exploiting virtualization technology to evade detection and deploy custom malware on targeted systems. Their use of Hyper-V and virtual machines enables persistent remote control and avoids traditional security measures. #CurlyCOMrades #HyperV #Virtualization #CyberattackTools
Key points
- Curly COMrades exploit Hyper-V to deploy hidden virtual environments for malware execution.
- The threat actor first appeared in attacks targeting Georgia and Moldova in August 2025.
- Malware such as CurlyShell and CurlCat facilitates remote control and persistent access.
- Using virtualization helps bypass traditional host-based endpoint detection and response (EDR) systems.
- The group employs various tools, including proxy and tunneling software and custom malware, to maintain access.
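As an added defender-side check (written for this post, not code from the article or from the researchers who reported the campaign), the PowerShell below flags a Windows endpoint that has the Hyper-V feature enabled, the VM management service running, or guest VMs present, which is the kind of activity described above. The allow-list hostname is a placeholder to replace with your own inventory; cmdlet and WMI class names are standard Windows ones.

```powershell
# Added detection check: surface Hyper-V use on endpoints where it is not expected.
# Run elevated on Windows 10/11. 'BUILD-SRV-01' is a placeholder allow-list entry.
$expectedHyperVHosts = @('BUILD-SRV-01')

$findings = @()

# 1. Is the Hyper-V optional feature enabled on a host that should not have it?
$feature = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All
if ($feature.State -eq 'Enabled' -and $env:COMPUTERNAME -notin $expectedHyperVHosts) {
    $findings += "Hyper-V feature enabled on unexpected host $env:COMPUTERNAME"
}

# 2. Is the Hyper-V Virtual Machine Management service (vmms) running?
$vmms = Get-Service -Name vmms -ErrorAction SilentlyContinue
if ($vmms -and $vmms.Status -eq 'Running') {
    $findings += 'Hyper-V VM Management service (vmms) is running'
}

# 3. Enumerate guest VMs through WMI so this works without the Hyper-V PowerShell module.
#    Msvm_ComputerSystem also returns the host itself; keep only 'Virtual Machine' entries.
$vms = Get-CimInstance -Namespace root\virtualization\v2 -ClassName Msvm_ComputerSystem -ErrorAction SilentlyContinue |
       Where-Object { $_.Caption -eq 'Virtual Machine' }
foreach ($vm in $vms) {
    # EnabledState 2 = running (DMTF CIM_EnabledLogicalElement value)
    $state = if ($vm.EnabledState -eq 2) { 'running' } else { "state $($vm.EnabledState)" }
    $findings += "VM '$($vm.ElementName)' ($state), installed $($vm.InstallDate)"
}

# 4. Recent VMMS admin-log events help timeline when a VM was created or started.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Hyper-V-VMMS-Admin'
    StartTime = (Get-Date).AddDays(-30)
} -ErrorAction SilentlyContinue
foreach ($e in ($events | Select-Object -First 20)) {
    $firstLine = ($e.Message -split "`n")[0]
    $findings += "VMMS event $($e.Id) at $($e.TimeCreated): $firstLine"
}

if ($findings.Count -eq 0) { 'No Hyper-V activity found.' } else { $findings }
```

Any hit on a workstation that has no business running virtualization is worth a closer look at the VM's disk image and its network adapter, since guest traffic leaves through the host's virtual switch rather than through the host's own process list.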
Read More: https://thehackernews.com/2025/11/hackers-weaponize-windows-hyper-v-to.html