Curly COMrades is a sophisticated threat actor targeting government and energy sectors in Georgia and Moldova with long-term cyber espionage campaigns. They utilize custom malware, legitimate tools, and compromised websites to maintain persistent access and exfiltrate data, often aligning with Russian geopolitical interests. #CurlyCOMrades #MucorAgent
Key points
- The threat actor primarily targets judicial, government, and energy entities in Georgia and Moldova.
- They focus on extracting sensitive data like NTDS databases and active credentials from compromised systems.
- The attack techniques include the use of legitimate tools like Resocks, SSH, and backdoors such as MucorAgent.
- For persistence, the actor abuses the Windows Ngen component, hijacking CLSIDs on compromised systems.
- The campaign shows a strategic combination of open-source tools, customized malware, and stealthy C2 communication methods.
Read More: https://thehackernews.com/2025/08/new-curly-comrades-apt-using-ngen-com.html