The Curly COMrades hacker group has begun exploiting Windows Hyper-V virtualization technology to establish covert access to victim networks, marking a significant evolution in attack methodologies. By deploying a lightweight Alpine Linux-based virtual machine on compromised Windows 10 machines, they can host proprietary malware while circumventing endpoint detection solutions.
Researchers, in collaboration with the Georgian CERT, uncovered this advanced campaign and linked Curly COMrades’ origins to Russian geopolitical interests. The group’s approach relies on a minimal virtual environment that obscures malicious activity, combined with tactics such as disguised file downloads and persistent connectivity mechanisms. By using root-level cron tasks inside the virtual machine, the attackers maintain continuous communication with their command and control infrastructure, and because the VM’s traffic is routed through the host’s legitimate IP addresses, detection efforts are further complicated.
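As an added defender-side example (not code from the article or from the researchers), the following PowerShell script inventories Hyper-V state on a Windows 10 endpoint where virtualization is not an approved workload; it assumes the Hyper-V PowerShell module is installed wherever the role is enabled and that it is run from an elevated session. It reports whether the platform and the vmms service are active, lists every guest with its disks and network adapters (a guest behind the NAT-based "Default Switch" egresses with the host's own IP), and pulls recent VMMS admin events that survive even if the guest was deleted.

```powershell
# Added hunting script (not from the article): flag unexpected Hyper-V guests on a
# Windows 10 workstation. Assumes an elevated session; cmdlet names are standard
# Hyper-V / DISM cmdlets, the reporting format is this example's own.
$findings = @()

# 1. Is the Hyper-V platform feature enabled on this endpoint at all?
$feature = Get-WindowsOptionalFeature -Online -FeatureName 'Microsoft-Hyper-V' -ErrorAction SilentlyContinue
if ($feature -and $feature.State -eq 'Enabled') {
    $findings += "Hyper-V feature is enabled (State=$($feature.State))"
}

# 2. Is the Virtual Machine Management service running? No guest can start without it.
$vmms = Get-Service -Name vmms -ErrorAction SilentlyContinue
if ($vmms -and $vmms.Status -eq 'Running') {
    $findings += "vmms service is running"
}

# 3. Enumerate guests with their disk images and NICs. A guest attached to the NAT-based
#    'Default Switch' leaves the host with the host's IP, which is why its C2 traffic
#    blends in with legitimate traffic from the workstation.
if (Get-Command Get-VM -ErrorAction SilentlyContinue) {
    foreach ($vm in Get-VM) {
        $disks = (Get-VMHardDiskDrive -VMName $vm.Name | ForEach-Object { $_.Path }) -join ';'
        $nics  = Get-VMNetworkAdapter -VMName $vm.Name |
                 ForEach-Object { "$($_.SwitchName)=$($_.IPAddresses -join ',')" }
        $findings += ("VM '{0}' State={1} Gen={2} Created={3} Uptime={4} Disks=[{5}] NICs=[{6}]" -f
            $vm.Name, $vm.State, $vm.Generation, $vm.CreationTime, $vm.Uptime, $disks, ($nics -join ';'))
    }
}

# 4. Recent VMMS admin events record VM creation and start activity even after a guest
#    has been removed, so they are worth collecting alongside the live inventory.
Get-WinEvent -LogName 'Microsoft-Windows-Hyper-V-VMMS-Admin' -MaxEvents 20 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $findings += ("VMMS event {0} at {1}: {2}" -f $_.Id, $_.TimeCreated, ($_.Message -split "`n")[0])
    }

if ($findings.Count -eq 0) { 'No Hyper-V activity found on this host.' } else { $findings }
```

On a fleet, pair this with an inventory of which hosts are approved to run Hyper-V, so that an enabled feature or a running guest on an ordinary user workstation stands out as a finding rather than noise.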
👉 Read the original: Cyber Security News