A newly identified cyber-espionage group, Curly COMrades, uses a backdoor called MucorAgent against government and energy-sector targets. The group shows advanced persistence and evasion techniques and may be aligned with Russian geopolitical interests. #CurlyCOMrades #MucorAgent
Key points
- The threat group uses a custom three-stage malware called MucorAgent for cyber-espionage activities.
- They target government, judicial, and energy organizations mainly in Georgia and Moldova.
- Persistent access is maintained through hijacked scheduled tasks and a variety of proxy and remote-management tools.
- The malware hijacks COM objects and evades antivirus detection by combining encrypted scripts with legitimate system components.
- The group shows signs of mature operational tradecraft, including network reconnaissance, credential theft, and data exfiltration with open-source tools.
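The two persistence vectors named above, hijacked scheduled tasks and COM object hijacking, can be audited from a defender's side without any campaign-specific indicator. The script below is an added example written for this summary; it is not code from the report or from the group's tooling, and since the summary gives no CLSIDs, task names or file paths, the checks are generic. A per-user CLSID registration under HKCU takes precedence over the machine-wide one under HKLM, so a user-level server entry that shadows an HKLM entry is the classic COM hijack pattern; for tasks, actions that run from outside the system directories or that invoke a script host are listed for review. The output is a triage list, not a verdict: legitimate software also registers per-user COM servers and schedules PowerShell tasks.

```powershell
# Added defensive example (not from the original report): audit per-user COM
# overrides and scheduled task actions on the host being reviewed.
# Run in an elevated PowerShell session. Assumption: no indicators from this
# campaign are known here, so the checks are generic rather than signature-based.

function Find-UserComOverrides {
    # A CLSID under HKCU\Software\Classes\CLSID wins over the same CLSID under
    # HKLM for that user, so a user-level server that shadows a machine-wide
    # registration is the pattern to inspect first.
    $userRoot = 'HKCU:\Software\Classes\CLSID'
    if (-not (Test-Path $userRoot)) { return @() }

    Get-ChildItem -Path $userRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        foreach ($serverKey in 'InprocServer32', 'LocalServer32') {
            $userKey = Join-Path $_.PSPath $serverKey
            if (-not (Test-Path $userKey)) { continue }
            $server = (Get-ItemProperty -Path $userKey -ErrorAction SilentlyContinue).'(default)'
            $machineKey = "HKLM:\Software\Classes\CLSID\$clsid\$serverKey"
            [pscustomobject]@{
                CLSID          = $clsid
                ServerType     = $serverKey
                UserServer     = $server
                ShadowsMachine = (Test-Path $machineKey)
            }
        }
    }
}

function Find-SuspiciousTaskActions {
    # Lists task actions whose executable lives outside the system locations,
    # or that launch a script/LOLBin host with arguments; both need a human look.
    $trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }
    $hostPattern = 'powershell|pwsh|cmd\.exe|mshta|wscript|cscript|rundll32|regsvr32'

    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            $exe = $action.Execute
            if (-not $exe) { continue }   # non-exec actions (COM handler, email) carry no path
            $expanded = [Environment]::ExpandEnvironmentVariables($exe).Trim('"')
            $inTrusted = $false
            foreach ($prefix in $trusted) {
                if ($expanded.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
            }
            $isHost = $expanded -match $hostPattern
            if ($inTrusted -and -not $isHost) { continue }
            $reason = if ($isHost) { 'script/LOLBin host' } else { 'outside system paths' }
            [pscustomobject]@{
                TaskPath  = $task.TaskPath
                TaskName  = $task.TaskName
                Execute   = $expanded
                Arguments = $action.Arguments
                Reason    = $reason
            }
        }
    }
}

# Usage: shadowing COM registrations first, then task actions worth a look.
Find-UserComOverrides | Where-Object ShadowsMachine | Format-Table -AutoSize
Find-SuspiciousTaskActions | Format-Table -AutoSize
```

Pair the COM output with a check of the referenced server file (signature, creation time, location) and compare the task list against a known-good baseline from a clean build of the same image; a hijacked task usually keeps its original name and trigger and only its action changes, so diffing actions rather than names is what surfaces it.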