Intel Name: Curly COMrades: a new threat actor targeting geopolitical hotbeds
Date of Scan: August 20, 2025
Impact: Medium
Summary: A newly identified threat actor group, Curly COMrades, is targeting critical organizations in geopolitically sensitive regions, including government bodies in Georgia and an energy company in Moldova. Believed to act in support of Russian interests, the group aims to maintain long-term access, steal credentials, and exfiltrate data. Its techniques include NTDS extraction, LSASS memory dumping, and a custom backdoor called MucorAgent, which abuses the Windows .NET Native Image Generator (NGEN) to persist covertly. The group further conceals its operations with proxy tools and by using compromised legitimate websites as command-and-control relays.