Curly COMrades: Russian Hackers Outsmart EDR with Sneaky Hyper-V Tactics!
Russia’s Curly COMrades is cleverly using Microsoft’s Hyper-V to create a hidden Alpine Linux-based virtual machine on compromised Windows machines. This stealthy setup bypasses endpoint security tools, giving them long-term access for espionage and malware deployment. Who knew virtual machines could have such a curly twist?

Hot Take:
Who knew that in 2023, Russia’s Curly COMrades would be the ones to give Microsoft’s Hyper-V a bad hair day? They’ve turned virtualization into villainization by setting up Alpine Linux-based virtual machines, making traditional endpoint security tools look about as useful as a screen door on a submarine. Who needs James Bond when you have CurlyShell and CurlCat?
Key Points:
- Curly COMrades are using Microsoft Hyper-V to create concealed Alpine Linux VMs on compromised Windows machines.
- The group’s custom tools, CurlyShell and CurlCat, help them bypass endpoint security and maintain network access.
- Bitdefender, alongside Georgia’s CERT, uncovered this sneaky malware campaign.
- The malware uses legitimate network traffic appearances to avoid detection.
- The campaign highlights the growing sophistication of methods to bypass traditional EDR tools.
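A defender-side check for the technique the key points describe, written as an added example (not Bitdefender's or the CERT's tooling): it surfaces whether the Hyper-V platform and its management service are present on a Windows host, enumerates any VMs with their disk images and switches, and pulls recent VMMS admin events. It assumes an elevated PowerShell 5.1+ session on Windows 10/11 or Server; the warning threshold is this script's own assumption, and real VM names or paths from the campaign are not known from this page.

```powershell
# Added hunting script: surface Hyper-V exposure on a host where VMs are not expected.
# Assumes an elevated PowerShell session; cmdlets degrade gracefully if Hyper-V is absent.
function Get-HyperVExposure {
    $result = [ordered]@{
        FeatureState = $null
        VmmsService  = $null
        VMs          = @()
        RecentEvents = @()
    }

    # 1. Is the Hyper-V optional feature enabled? On most workstations it is Disabled.
    $feat = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -ErrorAction SilentlyContinue
    $result.FeatureState = if ($feat) { $feat.State } else { 'NotPresent' }

    # 2. The Virtual Machine Management Service (vmms) must run for any VM to run.
    $svc = Get-Service -Name vmms -ErrorAction SilentlyContinue
    $result.VmmsService = if ($svc) { $svc.Status } else { 'NotInstalled' }

    # 3. Enumerate VMs with disk image paths and virtual switches. A VM whose VHD
    #    sits outside the usual Hyper-V directories, or one created recently on a
    #    host with no virtualization need, deserves a closer look.
    if (Get-Command Get-VM -ErrorAction SilentlyContinue) {
        foreach ($vm in Get-VM -ErrorAction SilentlyContinue) {
            $disks = (Get-VMHardDiskDrive -VMName $vm.Name -ErrorAction SilentlyContinue).Path
            $nics  = (Get-VMNetworkAdapter -VMName $vm.Name -ErrorAction SilentlyContinue).SwitchName
            $result.VMs += [pscustomobject]@{
                Name     = $vm.Name
                State    = $vm.State
                Created  = $vm.CreationTime
                Disks    = ($disks -join ';')
                Switches = ($nics -join ';')
            }
        }
    }

    # 4. VMMS admin events record VM creation and start even if the VM was later deleted.
    $result.RecentEvents = Get-WinEvent -LogName 'Microsoft-Windows-Hyper-V-VMMS-Admin' `
        -MaxEvents 50 -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message

    [pscustomobject]$result
}

$report = Get-HyperVExposure
$report | Format-List
# Assumed threshold: any VM on a host that should not be a hypervisor is worth a ticket.
if ($report.FeatureState -eq 'Enabled' -and $report.VMs.Count -gt 0) {
    Write-Warning "Hyper-V enabled with $($report.VMs.Count) VM(s) on this host; confirm this is expected."
}
```

Run it across a fleet through your management tooling and compare against an allow-list of hosts that legitimately run Hyper-V; the VM disk paths and creation times are the fields most useful for triage.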
