Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

CurlCat

Researchers: Russian-linked group used Hyper-V to hide Alpine VM and bypass endpoint security

Cloud, Cybercrime, News, Research, Vulnerabilities

November 5, 2025

Bitdefender and Georgia CERT say Curly COMrades abused Hyper-V to run a hidden Alpine VM hosting custom implants CurlyShell and CurlCat, bypassing endpoint security and using host networking to mask malicious traffic; researchers published IoCs on GitHub.

About
Editorial Policy
Privacy
Contact