TZUTC: -0500
MSGID: 1363.consprcy@1:2320/105 2d032b2c
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Experts warn criminals are using backdoor malware to target governments

Date:
Wed, 13 Aug 2025 12:52:00 +0000

Description:
CurlyCOMrades are targeting Moldova and Georgia governments with MucorAgent.

FULL STORY

Cybersecurity researchers at Bitdefender recently spotted a new threat actor
using a never-before-seen piece of backdoor malware to target critical
infrastructure organizations in eastern Europe. 

Bitdefender named the new group Curly COMrades, since it heavily relies on 
the curl.exe tool to pull data and communicate with the C2 server, and since
it hijacks Component Object Model (COM) objects during its attacks. 

In its attacks, Curly COMrades deploy a backdoor named MucorAgent, a custom
three-stage malware component, engineered as a .NET stealthy tool capable of
executing an AES-encrypted PowerShell script and uploading the resulting
output to a designated server. When in doubt - blame the Russians 

In other words, its a piece of Windows malware that runs hidden commands,
keeps them encrypted to avoid detection, and sends the results back to the
attacker. 

So far, identified victims include government and judicial organizations in
Georgia, and energy companies in Moldova. 

Given the targets, the researchers believe the attackers are of Russian
origin, or at least Russia-aligned. 

However, they did stress that there are no strong overlaps with known Russian
APT groups, but Curly COMrades operations align with the geopolitical goals 
of the Russian Federation." 

Bitdefender also could not determine the initial access vector - how crooks
managed to infiltrate the target endpoints to deploy MucorAgent to begin 
with. 

They claim to have seen installations of multiple proxy agents, including
Resocks which, they suspect, may have been used to that end. 

Ever since Russias attention turned towards Ukraine in 2014 with the
annexation of Crimea, countries on its eastern border have lost the 
spotlight. Georgia, however, is in a similar position to Ukraine, with two
regions declaring independence with the help of the Russian military - South
Ossetia, and Abkhazia. Therefore, it would make sense that Russias cyberspies
would like to keep tabs on neighboring countries and their diplomatic 
efforts. 

 Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/experts-warn-criminals-are-using-backdo
or-malware-to-target-governments

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30
SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426