A New Threat Actor Targeting Geopolitical Hotbeds
Essential information
- Published: 12/08/2025 14:57
- Modified: 12/08/2025 16:19
- Tags: 2025-08-12, backdoor, clsid hijacking, credential-theft, geopolitical, georgia, lateral movement, moldova, mucoragent, proxy tools, resocks, russia
- Related entities: 1 intrusion set (APT), 11 techniques (MITRE), 2 malware, 5 others
Description
Bitdefender Labs has uncovered a new threat actor group named Curly COMrades, operating since mid-2024 to support Russian interests. The group targets critical organizations in countries experiencing geopolitical shifts, focusing on judicial and government bodies in Georgia and an energy distribution company in Moldova. Their primary objective is to maintain long-term network access and steal credentials. The attackers use proxy tools like Resocks, SSH, and Stunnel to establish multiple entry points, and deploy a new backdoor called MucorAgent. They also utilize compromised legitimate websites as traffic relays to complicate detection. The group's tactics include credential theft, lateral movement, and data exfiltration, employing both custom and open-source tools.