Date: 2025-08-13

Hackread reports that Russia-linked threat operation Curly COMrades has deployed the novel MucorAgent backdoor in attacks against Eastern European countries, including Georgia and Moldova, as part of a new cyberespionage campaign.

According to a report from Bitdefender, Curly COMrades established concealed pathways into targeted computer networks using the Stunnel and Resocks tools before delivering the MucorAgent malware, which abuses a dormant scheduled task within the NGEN component of Windows to enable prolonged persistence. Curly COMrades has also leveraged Mimikatz and DCSync to exfiltrate credentials, which are later sent to its servers via breached websites, hindering detection. The name Curly COMrades was noted to derive from the group's use of the 'curl.exe' tool and its focus on COM object hijacking, with researchers deliberately avoiding cool-sounding names in a bid to "de-glamorize cybercrime, stripping away any perception of sophistication or mystique."