Cyber-Espionage Group Uses Hyper-V for Stealthy Attacks

Cyber Security News by CyberSum.net

Published on November 6, 2025 at 06:00 AM

5 sources

A cyber-espionage group known as Curly COMrades has been leveraging Microsoft Hyper-V virtualization to establish stealthy, persistent access within compromised networks. The group uses this technique to bypass standard endpoint detection and response (EDR) solutions. The operation, which began in July 2025, involves deploying a lightweight Alpine Linux virtual machine that serves as a covert command-and-control (C2) hub. The attackers use custom malware families, CurlyShell and CurlCat, for persistence and remote control. PowerShell scripts are also employed to maintain persistence and lateral movement.

Also Read

Hackers Abuse Google Find Hub to Wipe Android Devices

Hackers are exploiting Google’s Find Hub tool to track and remotely reset Android devices. The attacks start with spear-phishing messages on a popular messaging app, leading victims to execute malicious files. These files install remote access trojans, allowing attackers to harvest Google account credentials and use Find Hub to wipe devices. The attackers also use the GPS tracking feature to time their actions when victims are less likely to respond quickly. This campaign is linked to a known APT group, highlighting the evolving tactics of state-sponsored hackers.

By Cyber Security News by CyberSum.netNovember 12, 2025 at 06:00 AM