
A New Threat Actor Targeting Geopolitical Hotbeds

Published 12/08/2025 14:57 · Modified 12/08/2025 16:19


Essential information

Published
12/08/2025 14:57
Modified
12/08/2025 16:19
Tags
2025-08-12 backdoor clsid hijacking credential-theft geopolitical georgia lateral movement moldova mucoragent proxy tools resocks russia
Related entities
1 intrusion set (APT), 11 techniques (MITRE ATT&CK), 2 malware, 5 others

Description

Bitdefender Labs has uncovered a new threat actor group named Curly COMrades, operating since mid-2024 to support Russian interests. The group targets critical organizations in countries experiencing shifts, focusing on judicial and government bodies in and an energy distribution company in . Their primary objective is to maintain long-term network access and steal credentials. The attackers use like , SSH, and Stunnel to establish multiple entry points, and deploy a new called . They also utilize compromised legitimate websites as traffic relays to complicate detection. The group's tactics include credential theft, , and data exfiltration, employing both custom and open-source tools.

External references